Our team has inspected V (ransomware belonging to the Dharma family) and found that it encrypts files and appends the victim's ID, an email address, and the ".V" extension to files. It also displays a ransom note (a pop-up message) and creates a text file, "info.txt". Our discovery of V ransomware
During our inspection of loadpremiumapp[.]monster, we found that it is used to distribute unwanted and potentially malicious applications (similar to Tiaow VApp, Woiap WApp, Kowi SApp, Disoaq App, and other apps). The site also requests permission to show notifications, which it can use to promote
We have inspected the site and found that it is a scam page designed to trick visitors into believing that they must take immediate action to protect their computers. Typically, users get tricked into opening such sites, or they are redirected to them through other web pages of this kind. This and
Our research team found the ServiceOptimizer application while browsing file submissions to the VirusTotal platform. After examining this piece of software, we determined that it is adware from the AdLoad malware family. Adware stands for advertising-supported software. Its purpose is to
Our examination of the "Capital One - Card Purchase Is Under Review" email revealed that it is fake. This is a phishing scam that targets online bank account log-in credentials. It must be emphasized that the information in this message is false, and this email is not associated with the actual Ca
BlackMoon, also known as KrBanker, is a malware categorized as a banking trojan. It has been around since 2014 and has undergone significant changes in its multiple iterations. In the first known attacks involving this malware, it was used to target the customers of South Korean banks. The purpos
During our analysis, we concluded that this is one of the fake crypto giveaways where fraudsters impersonate famous personalities to trick people into sending cryptocurrency. This scam also involves a deepfake. This and similar web pages should be ignored and closed if ever encountered to avoid mo
SpiderParadise is ransomware designed to make files inaccessible by encrypting them. It provides a ransom note (a text file named "HOW_TO_RECOVER.txt") containing payment and contact information. Unlike most ransomware, SpiderParadise does not append any extension to files. Screenshot of files
Pentagon is a malicious program written in the Go programming language. It is classified as a stealer because it is designed to extract and exfiltrate vulnerable information from compromised devices. Pentagon operates as a stealer – a type of malware that steals data from infected systems.
We have inspected the email and discovered that it is used to trick unsuspecting recipients into disclosing personal information on a fake web page. Thus, we classified it as a phishing email. Usually, scammers behind such emails pretend to be legitimate companies or other entities. This p