SafeLocker is ransomware that we discovered during an inspection of malware samples uploaded to the VirusTotal site. Once active, SafeLocker encrypts the victim's files and appends its extension (".8xUsq62"). For example, it renames "1.jpg" to "1.jpg. 8xUsq62", "2.png" to "2.png.8xUsq62", etc. Als
After reading this "Australia Lottery" email, we determined that it is spam. This is a phishing email that claims the recipient has won 9.5 million USD in a lottery. This spam mail aims to extract private information and potentially trick recipients into sending scammers money. The spam em
We have analyzed oxaterinoseced.co[.]in and found that its purpose is to receive permission to show notifications through clickbait. Once allowed, oxaterinoseced.co[.]in can send misleading notifications. Interacting with these notifications can direct users to potentially malicious websites.
During our inspection of malware samples uploaded to VirusTotal, we discovered the 9062 ransomware, which is based on Chaos ransomware. Upon execution, 9062 encrypts files and appends the ".9062" extension to files (e.g., it renames "1.jpg" to "1.jpg.9062" and "2.png" to "2.png.9062"). Additional
Our research team discovered dopotics[.]com while examining suspicious websites. This rogue page is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/harmful) sites. Dopotics[.]com and analogous webpages are primarily accessed via redirects caused b
Bgv-adguard[.]pro is a rogue webpage discovered by our research team during a routine inspection of suspicious sites. This page is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/hazardous) websites. Webpages like bgv-adguard[.]pro are most common
Our researchers discovered this fake "$STARS Airdrop" while investigating untrustworthy websites. It must be emphasized regardless of any visual similarities to existing projects/platforms – this bogus airdrop is not associated with any of them. This scam operates as a cryptocurrency drainer – i.e
Our inspection of the "Affirm Account Status By Completing CAPTCHA" email revealed that it is spam. This is a phishing scam that targets email log-in credentials through a lure concerning inactive account reduction efforts. The spam email with the subject "Confirm You Are Not A Robot (19cа
Blitz is a two-stage malware targeting Windows systems. The first stage acts as a downloader, while the second stage installs the Blitz bot. Once active, the bot gives attackers remote control over the infected device, enabling them to steal information (such as keystrokes and screenshots) and lau
Dersinstion[.]com is a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by promoting browser notification spam and redirecting visitors to other (likely unreliable/hazardous) sites. Most users enter dersinstion[.]com and analogous webpages via r