BasicLocator is an adware-type app that our researchers discovered while browsing new submissions to the VirusTotal website. Upon investigation, we learned that BasicLocator is part of the AdLoad malware family. Advertising-supported software is designed to generate revenue for its developers/pu
After inspecting the email, we found that it was sent by scammers impersonating Cryptopia. The goal of this scam email is to trick recipients into providing personal information through a fake website. Such emails are known as phishing emails. Recipients should be able to recognize them and should
After examining this "eBucks Rewards" email, we determined that it is fake. This spam message promotes a phishing website, which the recipients are lured into visiting through claims of unredeemed eBucks rewards. It must be emphasized that the information in this email is false, and this mail is
After inspecting the email, we determined it to be a phishing attempt disguised as a quote inquiry. It contains a link to a fraudulent webpage where recipients are asked to provide personal information. These types of emails should be ignored to prevent any potential risks. The phishing em
During our analysis of gapconnectionbridge.co[.]in, we discovered that it uses clickbait to obtain permission to send notifications. Once permitted, gapconnectionbridge.co[.]in can show deceptive notifications to trick users into opening untrustworthy websites. Therefore, gapconnectionbridge.co[.]
Our team has examined topgreenview.com and found that it is a fake search engine promoted through an extension (Top Green Search) designed to hijack web browsers. This extension changes the settings of a web browser to promote topgreenview.com. topgreenview.com is a fake search engine because it d
During our examination of QuickSeek, we learned that this extension operates as a browser hijacker. It hijacks a web browser to promote guardflares.com. Additionally, QuickSeek enables the "Managed by your organization" setting. Users are advised not to trust QuickSeek and remove it if it is alrea
Our team discovered YE1337 ransomware during an inspection of samples uploaded to VirusTotal. Once executed, YE1337 encrypts files and appends its extension (".YE1337"). It also drops a ransom note ("YE1337_read_me.txt") and changes the victim's desktop wallpaper. An example of how files encrypte
FireScam is malware targeting Android devices. Threat actors spread the malware through a fake Telegram Premium app on a phishing site. FireScam infects devices with a dropper APK. The malware avoids detection and steals data by using popular services like Firebase. It should be eliminated from in
Our discovery of Contacto occurred while inspecting malware samples submitted to VirusTotal. During examination, we found that Contacto is ransomware designed to encrypt and rename files, create a ransom note ("Contacto_Help.txt"), and change the desktop wallpaper. Contacto appends the ".Contacto"