Spring is a malicious program based on CONTI ransomware. It is designed to encrypt data and demand ransoms for the decryption. Spring ransomware encrypts files and appends their names with a ".FIND_EXPLAIN.TXT.spring" extension. To elaborate, a file initially named "1.jpg" appears as "1.jpg.FIND_
During our analysis, we discovered that this is a phishing email disguised as a notification from FedEx, a legitimate American company specializing in transportation, e-commerce, and business services. The purpose of this deceptive email is to extract personal information from recipients through a
PNGPlug is a malware loader used in attacks targeting Chinese-speaking regions (such as Hong Kong, Taiwan, and mainland China). These campaigns often start with phishing websites designed to deceive users into running a malicious Microsoft Installer (MSI) package camouflaged as legitimate software
After inspecting this "Claim Obol" website (claim.obol[.]bet; other domains are not unlikely), we determined that it is fake. It imitates the official site of the Obol Collective (obol.org), yet it is in no way associated with this platform. The imitator page promotes a cryptocurrency drainer that
After examining this "Bittrex Inc Bankruptcy Notice" email, we determined that it is spam. This fake message states that account holders with the Bittrex cryptocurrency exchange can reclaim their holdings, and the recipient can now transfer over four thousand USD of their digital assets. The scam
Anarchy is a malicious program designed to encrypt data and demand payment for the decryption. Due to this behavior, Anarchy is classified as ransomware. On our testing system, this malware encrypted files and appended their filenames with an "_anarchy" extension. For example, a file initially na
SlowStepper is a backdoor-type malware. Programs within this classification are intended to open a "backdoor" into systems for further infections and, in some cases – even carry them out. SlowStepper was developed at least as early as 2019. It is a sophisticated backdoor that relies on multiple m
BackConnect (BC) is malware that establishes a connection between the infected device and a command-and-control (C&C) server controlled by the attacker. The malware has been linked to the QakBot loader and has been found on the same infrastructure that was used to distribute the ZLoader malwar
Search.withaiforchrome.com is a fake search engine discovered by our researchers while analyzing the ChatGPT Search for Chrome™ browser hijacker. This extension is advertised as a tool that provides a search option with an integrated ChatGPT generative artificial intelligence chatbot. The inclusi
We have inspected the email and concluded that it is a phishing email. It is disguised as a letter regarding a request for a quotation plan and contains a link to a phishing website. The goal of the scammers behind this deceptive email is to trick recipients into disclosing personal information.