BackConnect (BC) is malware that establishes a connection between the infected device and a command-and-control (C&C) server controlled by the attacker. The malware has been linked to the QakBot loader and has been found on the same infrastructure that was used to distribute the ZLoader malwar
Search.withaiforchrome.com is a fake search engine discovered by our researchers while analyzing the ChatGPT Search for Chrome™ browser hijacker. This extension is advertised as a tool that provides a search option with an integrated ChatGPT generative artificial intelligence chatbot. The inclusi
We have inspected the email and concluded that it is a phishing email. It is disguised as a letter regarding a request for a quotation plan and contains a link to a phishing website. The goal of the scammers behind this deceptive email is to trick recipients into disclosing personal information.
Our analysis of the site showed that its purpose is to promote a scam ("McAfee Total Protection has expired") and obtain permission to send notifications. Users should not visit baselanding[.]site and never agree to receive notifications from such pages. Doing so can lead to scams and other online
Upon inspection, our researchers determined that the "Sign-in Attempt Was Blocked" email is spam. This fake message alerts the recipient of a blocked sign-in attempt to their account. The goal is to lure recipients into visiting a phishing website that targets email account log-in credentials.
Disoaq App is a PUA (Potentially Unwanted Application) discovered by our researchers while analyzing a rogue installer. Software within this classification usually has undesirable and hazardous capabilities. Upon investigation, we learned that Disoaq App operates as a dropper for the Legion Loade
Our team has analysed the email and learned that it is written by scammers. It is presented as a message from Capital One regarding an unusual spending. Capital One is a legitimate financial institution in the United States and it has nothing to do with this scam. Recipients of such emails should
Our team has examined the page (jupuary.jupp[.]digital) and discovered that it is designed to appear like the original Jupiter site (jup.ag). Scammers created this fake web page to deceive individuals into taking steps that could result in the theft of their cryptocurrency. Thus, it is important t
After examining this "Capital One - Transfer Schedule" email, we determined that it is fake. It is presented as a notification regarding a scheduled outgoing transaction from the recipient's Capital One account. When an attempt is made to investigate this bogus transfer, the user is deceived into
Our inspection of this "Chase Account Temporarily Restricted" email revealed that it is fake. This spam message states that the recipient's Chase bank account has been blocked due to a detected security breach and suspicious activity. The recipient must review their credentials to regain access –