Our researchers discovered the "Fine For Visiting Pornographic Websites" scam during a routine investigative session of deceptive websites. We found three variants; more are not unlikely. The known versions targeted users in the United Arab Emirates, Saudi Arabia, and India. The scheme claims tha
Our examination revealed that this email masquerades as a notification regarding a mailbox error from an email service provider. It is created to lure recipients into opening a fake website and revealing personal information. Users should avoid responding to such emails or opening links (or files)
Our inspection of the website (stakings-hyperfoundation[.]com) has revealed that it is designed to appear like the original site (hyperfoundation.org). Scammers behind the deceptive page aim to trick individuals into taking steps that can result in the loss of cryptocurrency holdings. Thus, the pa
Our researchers found the Clone ransomware during a routine inspection of new submissions to the VirusTotal website. This malicious program belongs to the Dharma ransomware family. It is designed to encrypt files and demand ransoms for the decryption. On our testing machine, Clone modified files
D0glun is a ransomware-type virus. It aims to encrypt victims' files in order to demand ransoms for the decryption. On our test machine, D0glun encrypted files and altered their names. Initial filenames were appended with an extension following this pattern – ".@D0glun@[original_extension]"; e.g.
While investigating suspicious sites, we discovered a deceptive webpage promoting an installer containing "Corporate Monitoring Tool". The malicious extension could be used to alter the appearance/operation of browsers and to collect sensitive user data. This browser extension could infiltrate dev
LightSpy is a spyware-type program. It can carry out various spying and data-stealing activities. LightSpy has been around since at least 2020. This malware has been used in geopolitically motivated attacks and was proliferated through compromised/deceptive news websites documenting polarizing
InvisibleFerret is a Python-based backdoor malware associated with North Korean threat actors. Cybercriminals use it mainly for data theft and the injection of other tools for additional control. Victims of InvisibleFerret can experience issues like monetary loss, identity theft, and additional in
Our researchers discovered ChannelType while inspecting new submissions to the VirusTotal site. Upon examination, we determined that it is adware from the AdLoad malware family. Adware stands for advertising-supported software and operates by running intrusive advert campaigns. Typically
We have tested the SyncUpgrade application and found that it is designed to bombard users with intrusive and annoying advertisements. In addition to functioning as adware, SyncUpgrade may be capable of accessing personal information. Another reason not to install SyncUpgrade is that multiple sec