Our team discovered Asulo while inspecting samples uploaded to the VirusTotal platforms. Our key findings are that Asulo is ransomware from the Xorist family designed to encrypt files and append the ".asulo" extension to them. Additionally, Asulo changes the desktop wallpaper, displays a pop-up wi
Our inspection of the AdEscape has revealed that it is a browser extension capable of delivering unwanted advertisements. For this reason, we classified AdEscape as adware. It is worth noting that this extension is promoted using deceptive websites and ads displayed by it may lead to potentially m
Our team has inspected the email and found that this is a fake notification regarding an unusual login activity. The email includes a deceptive link designed to open a fake website. On this site, users are instructed to provide personal information. The goal of this scam is to extract that informa
GhostSpy is Android malware known for its sophisticated evasion, persistence, and device surveillance methods. Once executed, it maintains a continuous connection to its command-and-control (C2) server and enables extensive remote access and spying capabilities on the compromised device. Victims a
Our researchers discovered stylegridconnect[.]com while investigating suspicious websites. Upon analysis, we learned that this rogue page endorses scams and browser notification spam. It can also redirect users to different (likely dubious/malicious) sites. Most visitors to stylegridconnect[.]com
Katz is the name of a stealer-type malware. As the classification implies, this malicious program is designed to steal vulnerable information from infected devices and installed software. Katz targets log-in credentials, cryptocurrency wallets, and other data. This stealer is promoted as MaaS (Mal
Our research team discovered this fake "Binance" airdrop during a routine investigation of suspicious websites. The deceptive page promotes a cryptocurrency drainer, which operates by draining funds from exposed digital wallets. It must be stressed that this scam is not associated with Binance Hol
Our researchers discovered this fake "loopedHYPE (LHYPE)" airdrop while investigating suspicious websites. This scam imitates the Looped Hype (LHYPE) protocol site and operates as a cryptocurrency drainer. In other words, this bogus airdrop siphons digital assets from victims' cryptowallets.
We have inspected the website (app-hyperlend[.]com) and discovered that it is a fake site presented as the original one (hyperlend.finance). Its purpose is to lure unsuspecting visitors into taking steps that can lead to cryptocurrency theft. It is important to be careful when encountering such si
DEVMAN is ransomware that encrypts files and generates a ransom note ("README.yAGRTb.txt") containing contact and payment information. It also changes the desktop wallpaper and appends the ".yAGRTb" extension to files. For example, DEVMAN renames "1.jpg" to "1.jpg.yAGRTb", "2.png" to "2.png.yAGRTb