ICanFix is ransomware that our team has discovered while examining malware samples submitted to VirusTotal. Our analysis shows that ICanFix is part of the MedusaLocker family and is designed to encrypt files, append the ".icanfix" extension to files, drop a ransom note ("READ_NOTE.html"), and chan
During our inspection, we discovered that this website (event-tulsa[.]fun) is a fraudulent copy of the original Black WallStreet page (black-wallstreet.netlify.app). Its purpose is to deceive visitors into believing that they can receive cryptocurrency through a giveaway. However, this airdrop is
Our researchers have discovered Cdd while inspecting samples uploaded to VirusTotal. Cdd is ransomware belonging to the Makop family. After execution, the ransomware encrypts files, provides a ransom note ("+README-WARNING+.txt"), and changes the desktop wallpaper. Cdd also renames files by appen
Our team has analysed the page (event-pyra[.]fun) and concluded that it imitates the original PYRA website, pyrachain.io. The fake site promotes a fake cryptocurrency giveaway, an airdrop to lure visitors into taking steps that could lead to permanent cryptocurrency loss. Thus, it is highly advisa
We have inspected search.ansiblealgorithm.com and found that it is a fake search engine because it does not generate results. Moreover, it may collect various data. It is also important to mention that fake search engines are often associated with browser hijackers. Users should not trust search.a
After reviewing the website (claim-goyim.pages[.]dev), we identified it as a scam. It falsely offers visitors the opportunity to join a cryptocurrency airdrop. The attackers behind this site aim to steal funds from users' crypto wallets, meaning that engaging with it could lead to serious financia
Xillen is an information stealer often distributed through other malware, such as Amadey. Once executed on the device, it gathers various information and sends it to cybercriminals. Having the system infected with Xillen can result in issues such as identity theft and financial loss. Thus, if dete
We have tested the malware and found that it is ransomware belonging to the MedusaLocker family. Once executed, Venere encrypts files and appends the ".Venere1" extension (the included number might vary). For example, it renames "1.jpg" to "1.jpg.Venere1", "2.png" to "2.png.Venere1", and so forth.
Our team has found that this is a phishing email designed to appear as a notification from the email service provider. It includes a link to a fake site created to trick visitors into disclosing personal information. Recipients should ignore this email to avoid account hijacking and further issues
Arsink is a Remote Access Trojan (RAT) targeting Android operating systems. It is a sophisticated malware that allows attackers to remotely access/control devices and exfiltrate a variety of sensitive data. Arsink is distributed worldwide through opportunistic campaigns, under the guise of various