Step-by-Step Malware Removal Instructions

BadPack Malware (Android)
Trojan

BadPack is an APK file that has been intentionally crafted to be malicious. Usually, this involves a threat actor modifying the header information in the APK file's compressed format. Examples of Android malware that use BadPack include BianLian, Cerberus, and TeaBot. APK files ar

Order Details Email Scam
Phishing/Scam

Our analysis of the email has shown that it is a phishing email disguised as a letter regarding a purchase order. Typically, phishing emails are utilized for the purpose of extracting personal information from recipients. Recipients should ignore this and similar emails to avoid possible consequen

MetaMask Log-In Attempt Email Scam
Phishing/Scam

We have inspected this email and concluded that it is a phishing attempt masquerading as a notification regarding the suspension of the recipient's MetaMask wallet. This scam email is created by scammers with the intention of extracting personal information from recipients. Whoever receives this e

AssistField Adware (Mac)
Mac Virus

Our research team found AssistField while browsing new file submissions to the VirusTotal website. After analyzing this application, we determined that it is advertising-supported software. This adware belongs to the AdLoad malware family. AssistField is designed to feed users with unwanted and

Wells Fargo - Unusual Account Activity Email Scam
Phishing/Scam

After investigating this "Wells Fargo - Unusual Account Activity" email, we determined that it is fake. The spam email claims the recipient's online bank account has been temporarily suspended due to suspicious activity. This lure tricks recipients into disclosing their account log-in credentials

Odejdi.info Ads
Notification Spam

Odejdi[.]info is a rogue website discovered during a routine investigation of untrustworthy sites undertaken by our researchers. This page promotes browser notification spam and redirects visitors to other (likely unreliable/hazardous) websites. Most users access odejdi[.]info and sites akin to i

Lynx Ransomware
Ransomware

Lynx is a piece of malicious software classed as ransomware. This malware encrypts files and demands ransoms for their decryption. After executing Lynx ransomware on our test machine, we found that the files it encrypts have the ".LYNX" extension appended to their names. To elaborate, a file initia

DefaultLocator Adware (Mac)
Mac Virus

We have examined the DefaultLocator application and concluded that it functions as adware. The purpose of DefaultLocator is to bombard users with various advertisements. In most cases, users install such apps accidentally. If DefaultLocator or a similar app is installed on a computer, it should

HorrorDead Ransomware
Ransomware

HorrorDead is a ransomware-type program discovered by our research team during a routine investigation of new submissions to the VirusTotal platform. Ransomware is designed to encrypt files and demand payment for the decryption. On our testing system, HorrorDead encrypted files and appended their

ForceLock Ransomware
Ransomware

During our analysis of ForceLock we found that it is ransomware belonging to the GlobeImposter family. Once a computer is infected, ForceLock encrypts files, appends the ".forcelock" extension to filenames, and creates a ransom note ("how_to_back_files.html"). For example, it renames "1.jpg" to "1