Tiny FUD is a Trojan that targets macOS users. The term FUD (Fully Undetectable) implies that the malware is built to avoid detection by antivirus and other security tools. It tricks security software by changing process names, using DYLD injection, and running commands from a command-and-contro
Networkcycle.co[.]in is the address of a rogue webpage designed to promote browser notification spam and generate redirects to different (likely dubious/hazardous) sites. Most visitors access pages of this kind through redirects produced by websites that utilize rogue advertising networks. Our re
Suaiqi App is a PUA (Potentially Unwanted Application) discovered by our researchers in an installer promoted by a rogue website. This setup also included the fake "Save to Google Drive" browser extension. Upon investigation, we determined that Suaiqi App acts as a dropper for the Legion Loader ma
FlexibleFerret is a piece of malicious software belonging to a Mac malware family dubbed "Ferret". This group of programs is linked to North Korean threat actors. Ferret programs (including FlexibleFerret) have been spread through fake job interviews and software repositories. FlexibleFe
BlackLock is a ransomware-type virus that encrypts files and demands ransoms for the decryption. BlackLock renames encrypted files with a random character string and appends them with a likewise randomized extension. For example, on our test machine, a file named "1.jpg" became "bvir5rvqex4ak8d9.6
Our analysis reveals that CommonBoost behaves like typical adware, flooding users with intrusive ads that can lead to scams and other online dangers. Additionally, several security vendors have flagged CommonBoost as malicious. Thus, users should avoid installing this app and remove it if it is
Our researchers discovered the "Norton - This Mac Is Infected With Viruses" scam during a routine investigation of suspicious websites. It warns users that their Mac is infected and urges them to remove the threats. It must be emphasized that the claims made by this scam are false, and it is in
Our team has inspected the email and found that it is disguised as a message regarding a VAT (Value Added Tax) refund. It is crafted by scammers who aim to steal personal information from recipients. Emails of this type are classified as phishing emails. They should be ignored to avoid potential c
Destiny Stealer is an info-stealing malware targeting Discord, web browsers, cryptocurrency wallets, and various files. Cybercriminals can exploit the stolen information for various malicious purposes, such as identity theft, financial fraud, and unauthorized account access. Victims are advised to
LCRYPTX is a ransomware-type program discovered by our researchers during a routine inspection of file submissions to the VirusTotal website. Ransomware is a type of malware that encrypts data and demands payment for the decryption. On our testing system, LCRYPTX encrypted files and appended thei