Anarchy is a malicious program designed to encrypt data and demand payment for the decryption. Due to this behavior, Anarchy is classified as ransomware. On our testing system, this malware encrypted files and appended their filenames with an "_anarchy" extension. For example, a file initially na
SlowStepper is a backdoor-type malware. Programs within this classification are intended to open a "backdoor" into systems for further infections and, in some cases – even carry them out. SlowStepper was developed at least as early as 2019. It is a sophisticated backdoor that relies on multiple m
BackConnect (BC) is malware that establishes a connection between the infected device and a command-and-control (C&C) server controlled by the attacker. The malware has been linked to the QakBot loader and has been found on the same infrastructure that was used to distribute the ZLoader malwar
Search.withaiforchrome.com is a fake search engine discovered by our researchers while analyzing the ChatGPT Search for Chrome™ browser hijacker. This extension is advertised as a tool that provides a search option with an integrated ChatGPT generative artificial intelligence chatbot. The inclusi
We have inspected the email and concluded that it is a phishing email. It is disguised as a letter regarding a request for a quotation plan and contains a link to a phishing website. The goal of the scammers behind this deceptive email is to trick recipients into disclosing personal information.
Our analysis of the site showed that its purpose is to promote a scam ("McAfee Total Protection has expired") and obtain permission to send notifications. Users should not visit baselanding[.]site and never agree to receive notifications from such pages. Doing so can lead to scams and other online
Upon inspection, our researchers determined that the "Sign-in Attempt Was Blocked" email is spam. This fake message alerts the recipient of a blocked sign-in attempt to their account. The goal is to lure recipients into visiting a phishing website that targets email account log-in credentials.
Disoaq App is a PUA (Potentially Unwanted Application) discovered by our researchers while analyzing a rogue installer. Software within this classification usually has undesirable and hazardous capabilities. Upon investigation, we learned that Disoaq App operates as a dropper for the Legion Loade
Our team has analysed the email and learned that it is written by scammers. It is presented as a message from Capital One regarding an unusual spending. Capital One is a legitimate financial institution in the United States and it has nothing to do with this scam. Recipients of such emails should
Our team has examined the page (jupuary.jupp[.]digital) and discovered that it is designed to appear like the original Jupiter site (jup.ag). Scammers created this fake web page to deceive individuals into taking steps that could result in the theft of their cryptocurrency. Thus, it is important t