During our analysis of StealthGuard, we found that it is promoted as a secure browser offering users private browsing. However, we also discovered the browser is distributed using not only an official but also a suspicious website. This suggests that StealthGuard may exhibit characteristics of an
We have inspected the site and discovered that it presents a fake warning and requests permission to show notifications. If granted permission, scanprotects[.]com can deliver deceptive notifications designed to open potentially malicious websites. Therefore, scanprotects[.]com should not be truste
Our researchers discovered the "Fine For Visiting Pornographic Websites" scam during a routine investigative session of deceptive websites. We found three variants; more are not unlikely. The known versions targeted users in the United Arab Emirates, Saudi Arabia, and India. The scheme claims tha
Our examination revealed that this email masquerades as a notification regarding a mailbox error from an email service provider. It is created to lure recipients into opening a fake website and revealing personal information. Users should avoid responding to such emails or opening links (or files)
Our inspection of the website (stakings-hyperfoundation[.]com) has revealed that it is designed to appear like the original site (hyperfoundation.org). Scammers behind the deceptive page aim to trick individuals into taking steps that can result in the loss of cryptocurrency holdings. Thus, the pa
Our researchers found the Clone ransomware during a routine inspection of new submissions to the VirusTotal website. This malicious program belongs to the Dharma ransomware family. It is designed to encrypt files and demand ransoms for the decryption. On our testing machine, Clone modified files
D0glun is a ransomware-type virus. It aims to encrypt victims' files in order to demand ransoms for the decryption. On our test machine, D0glun encrypted files and altered their names. Initial filenames were appended with an extension following this pattern – ".@D0glun@[original_extension]"; e.g.
While investigating suspicious sites, we discovered a deceptive webpage promoting an installer containing "Corporate Monitoring Tool". The malicious extension could be used to alter the appearance/operation of browsers and to collect sensitive user data. This browser extension could infiltrate dev
LightSpy is a spyware-type program. It can carry out various spying and data-stealing activities. LightSpy has been around since at least 2020. This malware has been used in geopolitically motivated attacks and was proliferated through compromised/deceptive news websites documenting polarizing
InvisibleFerret is a Python-based backdoor malware associated with North Korean threat actors. Cybercriminals use it mainly for data theft and the injection of other tools for additional control. Victims of InvisibleFerret can experience issues like monetary loss, identity theft, and additional in