During a routine examination of malware submitted to VirusTotal, we discovered a ransomware variant named Foxtrot. This ransomware encrypts files, appends the ".foxtrot70" extension to filenames, and generates a ransom note ("How_to_back_files.html"). We also found that Foxtrot belongs to the Medu
We have analyzed this email and found that it is a scam email posing as a business opportunity offer. In most cases, the scammers behind such emails aim to extract personal information and (or) money from unsuspecting individuals. It is important to recognize and ignore emails of this kind to avoi
We have examined safe-secure-protect[.]com and found that it is an unreliable website that can (if allowed) show misleading notifications. Pages like safe-secure-protect[.]com often use clickbait or other deceptive tactics to trick visitors into agreeing to receive their notifications. Users shoul
Can stealer is a malicious program designed to extract sensitive information from infected systems. It targets a variety of data but there's a particular focus on log-in credentials (usernames/passwords). According to Can stealer's promotional material, it has anti-analysis capabilities, s
Our researchers discovered the efgrghhindhimi[.]info rogue page during a routine inspection of dubious websites. After examining this webpage, we determined that it promotes spam browser notifications and generates redirects to different (likely unreliable/hazardous) sites. Efgrghhindhimi[.]info
SambaSpy is a remote access Trojan (RAT), a type of malware that cybercriminals often use to steal information and (or) distribute additional malware. Threat actors have been observed distributing SambaSpy via email. Interestingly, they target Italian users only. However, the attackers may broaden
Our research team discovered forenteion[.]com while browsing suspicious websites. After analyzing this rogue page, we learned that it promotes dubious content and browser notification spam. Forenteion[.]com can also redirect users to other (likely untrustworthy/dangerous) sites. Most visitors to
We have classified JoopApp as an unwanted application because at least one security vendor flags its installer as malicious on VirusTotal. Having apps like JoopApp installed on computers can pose security and privacy risks. Thus, users are advised not to install and remove such apps if they are al
While inspecting untrustworthy sites, our researchers discovered fondsmoney[.]com. This rogue webpage promotes browser notification spam and produces redirects to other (likely unreliable/malicious) websites. Most visitors to fondsmoney[.]com and similar pages access them through redirects caused
Bnfgnbheavynuo[.]info is a rogue page promoting browser notification spam and redirecting visitors to other (likely dubious/malicious) websites. Our researchers discovered this webpage while inspecting a Torrenting site that uses rogue advertising networks. In fact, redirects generated by website