SpyLend is a malicious program targeting Android devices. It can be utilized in a variety of ways, yet its primary use is to function as "SpyLoan" malware. At the time of writing, this software operated as "SpyLoan" when installed on devices located in India. It offers Indian users predatory loan
Our analysis of safetoworkwith[.]com revealed that the site presents misleading messages and requests permission to show notifications. Notifications from safetoworkwith[.]com are also deceptive and can lead users to unreliable websites. Thus, it is highly advisable to avoid safetoworkwith[.]com.
We have examined newspulse360[.]site and determined that this page cannot be trusted. It displays deceptive content to lure visitors into allowing it to show notifications and uses these notifications to push other unreliable websites. If encountered, newspulse360[.]site should be closed.
Kotalq App is a PUA (Potentially Unwanted Application) that acts as a dropper for the Legion Loader malware. Our researchers discovered an installer containing Kotalq App promoted on a rogue webpage. In addition to the malware, this PUA also dropped the fake "Save to Google Drive" browser extensi
While inspecting malware samples submitted to VirusTotal, we discovered Loches, ransomware from the GlobeImposter family. Loches encrypts data, appends ".loches" to files, and provides a ransom note ("how_to_back_files.html"). An example of how Loches renames files: it changes "1.jpg" to "1.jpg.lo
After examining this "Login From A New Device" email, we determined that it is spam. This fake message alerts the recipient that their email account was signed into from a new device. This spam mail attempts to lure recipients into disclosing their account log-in credentials to a phishing webpage.
We have inspected the email and determined that it is a fake letter regarding an important electronic fund transfer document. It is written by scammers who seek to steal personal information from recipients. Emails of this type should be ignored, and links (or other elements) in them should be lef
Edfr789 is ransomware, a type of malware that encrypts files to prevent access to them. Threat actors use it to get paid for a decryption tool. In addition to locking files, Edfr789 appends four random characters to them and generates a ransom note ("Decryptfiles.txt"). An example of how the ranso
We have examined the email and concluded that it is a sextortion scam. This type of scam typically involves a fraudulent claim that the sender has obtained compromising material, such as explicit photos or videos. Scammers behind such scams demand a ransom, often in cryptocurrency, to prevent the
Shadowpad is a modular malware that uses information-stealing modules and can cause chain infections. It has been around since at least 2017. Initially used by a single threat actor based in China, its later attacks have been attributed to multiple Chinese cyberespionage groups. The latest campai