After inspecting this "Review Important Messages" email, we learned that it is spam. This fake message instructs the recipient to review pending emails. By attempting to do so, users are deceived into providing their log-in credentials (passwords) to a phishing website. The spam email with
PLAYFULGHOST is a backdoor-type malware with remote capabilities. It shares traits with the Gh0st RAT (Remote Access Trojan), which has served as a base and has been used in the development of many malicious programs since its code was leaked. PLAYFULGHOST is a multi-functional malware with anti-
Our researchers discovered ServiceDesk while browsing file submissions to the VirusTotal platform. Upon inspection, we determined that this application is adware from the AdLoad malware family. Software within this classification is designed to generate revenue for its developers/publishers thro
OperativeIndexer is a rogue application discovered by our research team during a routine inspection of new file submissions to the VirusTotal website. After analyzing this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware
"Scroll (SCR) Registration" is a scam that imitates the official website of the Scroll Ethereum scaling solution (scroll.io). The imitator site (register-scroiifdn[.]com; other domains are not unlikely) implies that users who register will receive some benefit. This scam operates as a cryptocurre
NonEuclid is a Remote Access Trojan (RAT) programmed using C#. This RAT allows unauthorized control of a victim’s computer. It bypasses security systems and is harder to detect. NonEuclid uses various techniques, such as avoiding antivirus detection, escalating privileges, and encrypting important
Search-thrill.com is presented as a search engine. Upon inspection, we determined that this website is fake. Like most sites of this kind, search-thrill.com cannot provide search results and redirects to a legitimate search engine. Typically, pages like search-thrill.com are promoted by browser hi
Our team has checked the site (inkairdrop.pages[.]dev) and determined that it is a scam website promoting a fake airdrop (cryptocurrency giveaway). It is created to trick users into believing that they can receive cryptocurrency for free. However, engaging in this scam can result in a significant
Stepadspoint[.]top is the address of a rogue webpage promoting browser notification spam and redirecting users to other (likely unreliable/malicious) sites. Most visitors access stepadspoint[.]top and similar pages through redirects generated by websites that utilize rogue advertising networks. O
We have reviewed this email and found that it is a fraudulent notification claiming to be from Microsoft. It is designed to trick recipients into believing they must "re-validate" their accounts and disclosing personal information on a fake site. Such emails are classified as phishing emails.