Our analysis indicates that TechBoost functions as adware: the app bombards users with intrusive advertisements that may expose them to scams and other online threats. Furthermore, multiple security vendors have classified TechBoost as malicious. Therefore, users should refrain from installing t
While browsing suspicious sites, our researchers discovered the "DebugDappNode Wallet Connection" scam. The deceptive page (swiftlivechain.pages[.]dev; potentially other domains) claims to be able to rectify various cryptocurrency wallet issues. Instead, the scam operates as a drainer – by stealin
Tiny FUD is a Trojan that targets macOS users. The term FUD (Fully Undetectable) implies that the malware is built to avoid detection by antivirus and other security tools. It tricks security software by changing process names, using DYLD injection, and running commands from a command-and-contro
Networkcycle.co[.]in is the address of a rogue webpage designed to promote browser notification spam and generate redirects to different (likely dubious/hazardous) sites. Most visitors access pages of this kind through redirects produced by websites that utilize rogue advertising networks. Our re
Suaiqi App is a PUA (Potentially Unwanted Application) discovered by our researchers in an installer promoted by a rogue website. This setup also included the fake "Save to Google Drive" browser extension. Upon investigation, we determined that Suaiqi App acts as a dropper for the Legion Loader ma
FlexibleFerret is a piece of malicious software belonging to a Mac malware family dubbed "Ferret". This group of programs is linked to North Korean threat actors. Ferret programs (including FlexibleFerret) have been spread through fake job interviews and software repositories. FlexibleFe
BlackLock is a ransomware-type virus that encrypts files and demands ransoms for the decryption. BlackLock renames encrypted files with a random character string and appends them with a likewise randomized extension. For example, on our test machine, a file named "1.jpg" became "bvir5rvqex4ak8d9.6
Our analysis reveals that CommonBoost behaves like typical adware, flooding users with intrusive ads that can lead to scams and other online dangers. Additionally, several security vendors have flagged CommonBoost as malicious. Thus, users should avoid installing this app and remove it if it is
Our researchers discovered the "Norton - This Mac Is Infected With Viruses" scam during a routine investigation of suspicious websites. It warns users that their Mac is infected and urges them to remove the threats. It must be emphasized that the claims made by this scam are false, and it is in
Our team has inspected the email and found that it is disguised as a message regarding a VAT (Value Added Tax) refund. It is crafted by scammers who aim to steal personal information from recipients. Emails of this type are classified as phishing emails. They should be ignored to avoid potential c