We have tested the PrimeLookup browser extension and found that adding it results in browser hijacking. Usually, extensions of this type change the settings of web browsers to promote certain addresses. PrimeLookup hijacks web browsers to promote finditfasts.com, a fake search engine. Upon
VXUG is ransomware, which our team discovered during an inspection of samples submitted to VirusTotal. We found that VXUG is a variant of CryLock. Once infiltrated, it encrypts and renames files and creates a ransom note ("how_to_decrypt.hta"). VXUG appends an email address, a number, and a victim
Our analysis of the email has revealed that it is a fraudulent letter masquerading as a notification from MetaMask regarding wallet verification. The scammers behind this phishing scheme aim to lure unsuspecting recipients into disclosing personal information on a fake web page. Recipients should
While analyzing malware samples uploaded to the VirusTotal platform, we discovered Hawk, a ransomware variant designed to encrypt files. In addition to encrypting data, Hawk creates a ransom note ("#Recover-Files.txt") and appends the victim's ID, sup.logical@gmail.com email address, and the ".haw
PlayBoy LOCKER is ransomware designed to encrypt files and append the ".PLBOY" extrension to filenames. It also generates a text file ("INSTRUCTIONS.txt") containing a ransom note and changes the desktop wallpaper. An example of how PlayBoy LOCKER modifies filenames: it changes "1.jpg" to "1.jpg.P
Our team has analyzed this email and uncovered that it is a phishing email created to trick recipients into disclosing personal information on a fake web page. This fraudulent email is disguised as a notification from an email service provider. Whoever receives it should ignore it to avoid privacy
Gonor[.]xyz is the address of a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. After inspecting this page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/hazardous) websites. Users prima
Our research team discovered the appcloud-center[.]com rogue page while browsing questionable websites. Upon inspection, we learned that this webpage endorses browser notification spam and redirects users to different (likely dubious/malicious) sites. Most visitors access pages like appcloud-cent
After examining the "Outlook - Upgraded Version Now Available" email, we determined that it is spam. This message states that the recipient must upgrade their account or risk its deactivation. The purpose of this mail is to trick users into disclosing their account log-in credentials to a phishing
Upon inspection of the "Claim Your Dreamloops NFT Mystery Box" email, we determined that it is spam. This letter lures users into visiting a scam website by promising the chance to claim a mystery box containing various valuable rewards. At the time of research, this spam mail promoted the "Axie