Plestawn[.]com is a rogue page that promotes browser notification spam and redirects users to other (likely untrustworthy/malicious) websites. The majority of visitors to such webpages access them via redirects produced by sites utilizing rogue advertising networks. In fact, our researchers disco
Our research team discovered the mctop[.]fun rogue page during a routine investigation of suspicious websites. After investigating this webpage, we learned that it promotes online scams and browser notification spam. Additionally, mctop[.]fun can generate redirects to different (likely dubious/mal
After reading this "Qatar Airways" email, we determined that it is fake. This spam message is presented as a business opportunity. It must be emphasized that this scam offer is in no way associated with the actual Qatar Airways or any other legitimate entities. The likely purpose of this email is
While browsing new file submissions to the VirusTotal platform, our researchers discovered a malicious program called Black. It is based on the Prince ransomware. This program is designed to encrypt data and demand ransoms for the decryption. On our test machine, Black (Prince) ransomware encrypt
PlainGnome is an Android-specific spyware. It is designed to record and steal vulnerable information from infected devices. PlainGnome emerged in 2024. This malware is associated with Gamaredon (also known as Primitive Bear and Shuckworm) – a Russian state-backed threat actor, specifically affili
BoneSpy is an Android-targeting spyware that has been around since at least 2021. This malicious program has its basis from the Russian open-source surveillance software DroidWatcher. BoneSpy is associated with a Russian threat actor dubbed Gamaredon (aka Primitive Bear and Shuckworm). This group
Our discovery of X101 occurred during the inspection of samples submitted to VirusTotal. Upon examining X101, we concluded that it is ransomware that encrypts files, generates a ransom note ("!!!HOW_TO_DECRYPT!!!.TXT"), and renames files by appending the victim's ID and ".X101" extension. For ins
Our examination of the "Failed Login Attempt" email revealed that it is spam. It promotes a phishing scam that targets email log-in credentials. This deceptive message claims that a failed sign-in attempt has been registered on the recipient's account. The spam email with the subject "UNUS
Our team has studied streamads-site[.]com and learned that it presents deceptive content to obtain permission to show notifications. If permitted, streamads-site[.]com can send fake warnings and other misleading notifications to promote potentially malicious pages. Thus, streamads-site[.]com shoul
We have reviewed the email and found it to be a phishing email. Scammers behind this email aim to trick recipients into thinking they received a notification from an email service provider. The goal is to steal personal information through a deceptive website. Recipients should not respond to this