During our analysis of VipKeyLogger, we found that it is malware operating as a keylogger (keystroke logger). Threat actors use malware of this type to steal sensitive information from victims. We discovered that VipKeyLogger is delivered using fraudulent emails containing a malicious attachment.
CryptoAITools is the name of a cross-platform malware that seeks to steal cryptocurrency. This software can infect Windows and Mac operating systems. CryptoAITools is a malicious Python package, and it has been distributed via PyPI (Python Package Index) and GitHub. In the known campaigns, this m
After inspecting the "American Express - Payment On Hold" email, we determined that it is fake. This spam mail informs the recipient of a pending merchant credit, which will be charged after 48 hours. This email aims to lure recipients into visiting a phishing site that targets American Express ac
Our team has inspected the site and found that it hosts a fake airdrop (cryptocurrency giveaway). In this scam, fraudsters aim to trick individuals into believing that they can receive $SpaceX coins. However, whoever falls for this scam will likely lose their cryptocurrency holdings. Thus, this we
We have examined the Volume booster - Increase Volume extension and discovered that it has traits of adware. This extension promotes potentially malicious apps, websites, and more. Therefore, it is highly advisable not to trust Volume booster - Increase Volume extension and remove it from a web br
Our analysis of travelbugtab.com revealed that it is a fake search engine promoted through a browser hijacker, an extension called Travel Bug. Users should avoid adding browser hijackers and using shady search engines to avoid exposure to potentially malicious pages, scams, and other threats. If t
We have inspected this email and discovered that it is a scam. It is designed to appear as an important letter from an HR manager regarding employment termination. Our analysis has shown that the purpose of this scam email is to extract personal information from recipients. Such emails are known a
Our team has reviewed this email and determined that it is a fake letter posing as an invoice from Avira made via PayPal. Usually, scammers behind such emails seek to extract money and (or) personal information from recipients. It is important not to respond to such emails (or open their contents)
Interlock is a ransomware that encrypts files and demands payment for the decryption. In addition to a Windows variant, there is a version of Interlock targeting Linux operating systems. When we executed a sample of this ransomware on our test machine, it encrypted files and added a ".interlock"
While browsing suspect websites, our researchers discovered the topsafeguardcenter[.]com rogue page. It is designed to promote deceptive content and browser notification spam. The webpage can also redirect users elsewhere (likely untrustworthy/dangerous) sites. Most visitors enter pages like tops