ZeroCrumb is a stealer written in the C++ programming language. As the malware type implies, this malicious program is designed to steal sensitive data from infected devices. ZeroCrumb can extract data from installed browsers. ZeroCrumb is a stealer that can extract and exfiltrate data fro
After examining this "European Data Protection Supervisor" email, we determined that it is fake. This spam message is presented as a notification concerning an investigation undertaken by Europol. The document attached to this email details a supposed investigation in which the recipient is presum
We have inspected jabbervinemeelaneskylith[.]com and concluded that it is an untrustworthy website. It distributes an unwanted application that can lead to serious issues. Also, the site wants to show notifications that can expose users to scams and other online threats. Overall, jabbervinemeelane
Our team has inspected the Bionom Query Utils application and discovered that it is a shady app with no beneficial functionality and contains malicious components. One of the risks of installing Bionom Query Utils is the infiltration of Legion Loader, a piece of malware that can lead to additional
Our researchers discovered the StarFire ransomware while reviewing new file submissions to the VirusTotal platform. This malicious program encrypts data and demands payment for the decryption. On our test machine, StarFire encrypted files and appended their names with a ".Celestial" extension. To
Our research team found the parreadver[.]com rogue page while browsing dubious websites. After investigating this webpage, we learned that it endorses spam browser notifications and redirects users to different (likely dubious/malicious) sites. Most visitors to parreadver[.]com and analogous pages
ARCH WIPER is ransomware that we discovered during our inspection of samples submitted to the VirusTotal platform. This ransomware encrypts files and appends ".Arch" extension to them (e.g., it renames "1.jpg" to "1.jpg.Arch" and "2.png" to "2.png.Arch"). Also, ARCH WIPER creates a ransom note ("W
During our inspection of realfastads[.]top, we found that it is an untrustworthy website that displays misleading content to obtain permission to show notifications. Once this permission is granted, realfastads[.]top sends deceptive notifications to trick users into opening other dubious sites.
We have analyzed the site and concluded that its purpose is to trick visitors into allowing it to send notifications. Nonsondfee.co[.]in uses a deceptive technique to get this permission. After receiving it, nonsondfee.co[.]in delivers notifications containing fake warnings and similar content.
We have examined the page (app.saaharalabs[.]com) and found it to be deceptive. It mimics the original website (saharalabs.ai) to trick visitors into performing steps that could lead to cryptocurrency theft. To protect crypto assets, this and similar (unofficial) sites should be avoided. IMP