Evelyn is an information stealer designed to avoid security analysis while it gathers data. The malware can pilfer data such as saved browser passwords, clipboard contents, Wi‑Fi credentials, cryptocurrency wallets, and other information. All stolen information is then sent to the threat actor's c
Our researchers discovered the Lab malicious program while browsing new file submissions to the VirusTotal website. This software is part of the Makop ransomware family. On our test machine, Lab ransomware encrypted files and changed their filenames. Original filenames were appended with a unique
EndRAT is malware that spreads through phishing links designed to look like legitimate advertisements. It is classified as a remote access trojan (RAT) that allows attackers to remotely control infected systems, execute commands, and carry out other malicious activities. If detected on a device, E
We have inspected the website and determined that it is a scam. This fraudulent scheme involves fake warnings designed to trick visitors into contacting scammers. Falling for such scams can lead to consequences such as identity theft, computer infections, or financial losses. This and similar we
We have examined the malware and found it to be ransomware. Our team has discovered Redgov while inspecting malware samples submitted to VirusTotal. Once a system is infiltrated, Redgov encrypts files, appends the ".redgov" extension to files, and drops a ransom note ("!!!_DECRYPT_INFO_!!!.txt").
Our team has examined the malware and concluded that it is ransomware belonging to the Makop family. After execution, Decrypt encrypts files, modifies filenames (by appending the victim's ID and the ".decrypt" extension), changes the desktop wallpaper, and provides a ransom note ("+README-WARNING+
Our analysis has revealed that it is a scam email (a phishing attempt) posing as a security reminder from the email service provider. Scammers use it to steal personal information through a fake website. Recipients of this email should ignore and delete it to avoid the potential outcomes.
Our research team found corphthele[.]com while investigating untrustworthy websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to other (likely unreliable/dangerous) sites. Most users access corphthele[.]com and analogous webp
Our inspection of the "Fedex - Incoming Package Notification" email revealed that it is fake. The spam message instructs the recipient to check their delivery address to receive their package. It must be emphasized that this email is not associated with the actual FedEx Corporation. The goal of th
Browsinglive.net is a fake search engine discovered by our research team during the analysis of the Safe Browsing Live browser hijacker. This website cannot provide search results and redirects to genuine Internet search sites. Illegitimate search engines typically collect information about their