Step-by-Step Malware Removal Instructions

Your Document Has Been Held In A Queue Email Scam
Phishing/Scam

"Your Document Has Been Held In A Queue" is a spam email. It informs the recipient of a file sent to them. The email attachment is a phishing file that records account credentials (passwords) entered into it. The spam email with the subject "Pending Notification: Admin is sharing a file wi

TuneFinder Adware
Adware

While inspecting suspicious websites, our researchers discovered the TuneFinder browser extension. It is promoted as an easy-access tool to song lyrics and related information (e.g., artist discographies, album details, etc.). After analyzing this extension, we determined that it is advertising-su

Keyguard-websecure.com Redirect
Browser Hijacker

We have tested keyguard-websecure.com and found that it is a fake search engine. Moreover, we discovered that it is promoted through a browser extension that operates as a browser hijacker. Therefore, users should avoid visiting keyguard-websecure.com and remove it from the settings of a web brows

$TURBO Airdrop Scam
Phishing/Scam

While investigating untrustworthy sites, our researchers discovered this fake "$TURBO" webpage (turbotoken[.]io; possibly others). Users who try to participate in this bogus airdrop expose their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated wit

Quicknetshift.co.in Ads
Notification Spam

Our researchers discovered quicknetshift.co[.]in while browsing suspect websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Most users access quicknetshift.co[.]in and webpages ak

TransferLoader Malware
Trojan

TransferLoader is a malware loader that attackers have used since at least February 2025. It consists of several components: a downloader, a backdoor, and a separate module designed to deploy the backdoor. Cybercriminals have been observed using TransferLoader to deploy ransomware. If detected

Retrorevivesearch.com Redirect
Browser Hijacker

Retrorevivesearch.com is a fake search engine our researchers discovered while analyzing the Retro Revive browser hijacker. This extension is supposedly designed to create a retro aesthetic for new browser tabs. Browser hijackers promote these webpages by modifying browser settings. It is notewort

Recipio Adware
Adware

Recipio is promoted as a browser extension (or add-on) that helps users find recipes online by narrowing search results to cooking-related content, making it easier to discover meal ideas, detailed recipes, and step-by-step instructions without unrelated distractions. However, our analysis shows t

Desolator Ransomware
Ransomware

Desolator is a malicious program classed as ransomware. It is designed to encrypt files and demand payment for the decryption. After we executed a sample of Desolator on our test machine, it encrypted files and added a ".desolated" extension to their names. For example, a file originally named "1

Calenital.co.in Ads
Notification Spam

We have analysed calenital.co[.]in and concluded that this is a deceptive website designed to obtain permission to show notifications through clickbait. Once allowed, calenital.co[.]in can bombard users with fake warnings and other messages designed to direct them to other untrustworthy sites and