While analyzing malware samples uploaded to the VirusTotal platform, we discovered Hawk, a ransomware variant designed to encrypt files. In addition to encrypting data, Hawk creates a ransom note ("#Recover-Files.txt") and appends the victim's ID, sup.logical@gmail.com email address, and the ".haw
PlayBoy LOCKER is ransomware designed to encrypt files and append the ".PLBOY" extrension to filenames. It also generates a text file ("INSTRUCTIONS.txt") containing a ransom note and changes the desktop wallpaper. An example of how PlayBoy LOCKER modifies filenames: it changes "1.jpg" to "1.jpg.P
Our team has analyzed this email and uncovered that it is a phishing email created to trick recipients into disclosing personal information on a fake web page. This fraudulent email is disguised as a notification from an email service provider. Whoever receives it should ignore it to avoid privacy
Gonor[.]xyz is the address of a rogue webpage discovered by our researchers during a routine investigation of suspicious sites. After inspecting this page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/hazardous) websites. Users prima
Our research team discovered the appcloud-center[.]com rogue page while browsing questionable websites. Upon inspection, we learned that this webpage endorses browser notification spam and redirects users to different (likely dubious/malicious) sites. Most visitors access pages like appcloud-cent
After examining the "Outlook - Upgraded Version Now Available" email, we determined that it is spam. This message states that the recipient must upgrade their account or risk its deactivation. The purpose of this mail is to trick users into disclosing their account log-in credentials to a phishing
Upon inspection of the "Claim Your Dreamloops NFT Mystery Box" email, we determined that it is spam. This letter lures users into visiting a scam website by promising the chance to claim a mystery box containing various valuable rewards. At the time of research, this spam mail promoted the "Axie
"Axie Infinity Claim" is a scam impersonating the Axie Infinity blockchain game website. The fake page – conorandrobin[.]com (could be hosted elsewhere) – supposedly allows users to claim NFTs (Non-Fungible Tokens). Instead, users who connect their digital wallets expose them to a crypto drainer.
BLASSA is a malicious program categorized as ransomware. Malware of this kind operates by encrypting data and demanding ransoms for its decryption. After we executed a sample of BLASSA on our test machine, it encrypted files and added a ".blassa" extension to their filenames. For example, a file
Our team has inspected withbtrads[.]top and learned that this website cannot be trusted. It displays deceptive content (uses a clickbait technique) to obtain permission to show notifications. Typically, when users agree to receive notifications from such pages, they are bombarded with fake warning