Our team has examined the email and found that it is written by scammers who aim to trick recipients into believing that they have received a notification from their email provider. Their goal is to steal personal information via a deceptive site. Such emails are classified as phishing attempts.
Remus is a stealer associated with Lumma. It shares similar capabilities, including the ability to steal browser passwords, cookies, and cryptocurrency wallet information. It is considered to be an evolution of Lumma (not a separate malware). Remus uses new techniques such as EtherHiding and impro
Marco is an information stealer that targets browser data, cryptocurrency wallets, and sensitive files stored on infected devices or in cloud services. The malware also gathers system details and uses techniques such as encryption and disabling security tools to avoid detection. It sends stolen da
AtlasCross is a Remote Access Trojan (RAT) that lets attackers secretly control a victim's computer. It is known that cybercriminals target mainly Chinese-speaking users and use fake download websites for popular apps to distribute the RAT. AtlasCross is also designed to avoid detection. C
During our inspection, we discovered that hyperswaps-voting-com.pages[.]dev is a deceptive website designed to promote a fake cryptocurrency giveaway. If unsuspecting visitors follow the site's instructions, they risk losing their cryptocurrency holdings. This fake giveaway should be avoided.
Our team has examined the message and concluded that it is a fake "suspension notification" designed to trick recipients into opening a fraudulent login site. That page is used to steal personal information. Emails of this type are classified as phishing attempts. They should be recognized as igno
We have analyzed podomming[.]com and found that it uses a clickbait tactic to trick users into allowing notifications. After permission is granted, it may be misused to push scams and other unwanted content. It is best not to trust websites like podomming[.]com and to exit them if they are encount
NBLock is ransomware that we have discovered during our routine examination of samples uploaded to VirusTotal. This ransomware encrypts files and appends its extension (".NBLock") to them. In addition to locking files, NBLock changes the desktop wallpaper and drops a ransom note ("README_NBLOCK.tx
We have checked panneyess[.]com and found it uses clickbait to mislead visitors into enabling notifications. Once granted, this permission can be abused to deliver scams and other unwanted content. It is strongly recommended to avoid trusting sites like panneyess[.]com and close them if visited.
We have reviewed pocamish[.]com and found that it uses clickbait to trick visitors into allowing it to display notifications. When unreliable websites have this permission, they exploit it to push scams and similar content. It is highly advisable not to trust websites like pocamish[.]com to avoid