"CrashFix" refers to a social engineering technique intended to infect systems with malware. It is facilitated by a malicious browser extension that crashes the victim's browser and provides fake steps to fix the issue. By following these steps, the victim executes a malicious command on their dev
Happy is a ransomware-type program discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. This malicious program belongs to the MedusaLocker ransomware family. After we executed a sample of malware on our test system, it encrypted files and added a
Evelyn is an information stealer designed to avoid security analysis while it gathers data. The malware can pilfer data such as saved browser passwords, clipboard contents, Wi‑Fi credentials, cryptocurrency wallets, and other information. All stolen information is then sent to the threat actor's c
Our researchers discovered the Lab malicious program while browsing new file submissions to the VirusTotal website. This software is part of the Makop ransomware family. On our test machine, Lab ransomware encrypted files and changed their filenames. Original filenames were appended with a unique
EndRAT is malware that spreads through phishing links designed to look like legitimate advertisements. It is classified as a remote access trojan (RAT) that allows attackers to remotely control infected systems, execute commands, and carry out other malicious activities. If detected on a device, E
We have inspected the website and determined that it is a scam. This fraudulent scheme involves fake warnings designed to trick visitors into contacting scammers. Falling for such scams can lead to consequences such as identity theft, computer infections, or financial losses. This and similar we
We have examined the malware and found it to be ransomware. Our team has discovered Redgov while inspecting malware samples submitted to VirusTotal. Once a system is infiltrated, Redgov encrypts files, appends the ".redgov" extension to files, and drops a ransom note ("!!!_DECRYPT_INFO_!!!.txt").
Our team has examined the malware and concluded that it is ransomware belonging to the Makop family. After execution, Decrypt encrypts files, modifies filenames (by appending the victim's ID and the ".decrypt" extension), changes the desktop wallpaper, and provides a ransom note ("+README-WARNING+
Our analysis has revealed that it is a scam email (a phishing attempt) posing as a security reminder from the email service provider. Scammers use it to steal personal information through a fake website. Recipients of this email should ignore and delete it to avoid the potential outcomes.
Our research team found corphthele[.]com while investigating untrustworthy websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) sites. Most users access corphthele[.]com and analogous webp