We discovered this Luck ransomware during a routine investigation of new submissions to the VirusTotal website. This malicious program is part of the MedusaLocker ransomware family. After we executed a sample of Luck (MedusaLocker) ransomware on our test machine, it encrypted files and appended t
We have inspected altitudeedge[.]top and found that it uses clickbait to lure visitors into allowing it to send notifications. Our analysis has shown that altitudeedge[.]top shows deceptive notifications that can expose users to various online threats. Therefore, altitudeedge[.]top should not be t
Plestawn[.]com is a rogue page that promotes browser notification spam and redirects users to other (likely untrustworthy/malicious) websites. The majority of visitors to such webpages access them via redirects produced by sites utilizing rogue advertising networks. In fact, our researchers disco
Our research team discovered the mctop[.]fun rogue page during a routine investigation of suspicious websites. After investigating this webpage, we learned that it promotes online scams and browser notification spam. Additionally, mctop[.]fun can generate redirects to different (likely dubious/mal
After reading this "Qatar Airways" email, we determined that it is fake. This spam message is presented as a business opportunity. It must be emphasized that this scam offer is in no way associated with the actual Qatar Airways or any other legitimate entities. The likely purpose of this email is
While browsing new file submissions to the VirusTotal platform, our researchers discovered a malicious program called Black. It is based on the Prince ransomware. This program is designed to encrypt data and demand ransoms for the decryption. On our test machine, Black (Prince) ransomware encrypt
PlainGnome is an Android-specific spyware. It is designed to record and steal vulnerable information from infected devices. PlainGnome emerged in 2024. This malware is associated with Gamaredon (also known as Primitive Bear and Shuckworm) – a Russian state-backed threat actor, specifically affili
BoneSpy is an Android-targeting spyware that has been around since at least 2021. This malicious program has its basis from the Russian open-source surveillance software DroidWatcher. BoneSpy is associated with a Russian threat actor dubbed Gamaredon (aka Primitive Bear and Shuckworm). This group
Our discovery of X101 occurred during the inspection of samples submitted to VirusTotal. Upon examining X101, we concluded that it is ransomware that encrypts files, generates a ransom note ("!!!HOW_TO_DECRYPT!!!.TXT"), and renames files by appending the victim's ID and ".X101" extension. For ins
Our examination of the "Failed Login Attempt" email revealed that it is spam. It promotes a phishing scam that targets email log-in credentials. This deceptive message claims that a failed sign-in attempt has been registered on the recipient's account. The spam email with the subject "UNUS