After examining "Server Has Been Updated - Refresh Your Email", we determined that it is spam. This fake message states that multiple emails were undelivered, and the account must be refreshed to release them into the inbox. This mail promotes a phishing website targeting email account log-in cred
We have inspected andespath[.]top and discovered that it is created to lure visitors into accepting its notifications. Once permission is granted, andespath[.]top can show deceptive notifications. Therefore, users should avoid visiting andespath[.]top and never consent to receive notifications fro
Lotus-tab.com is a fake search engine. Typically, these sites cannot provide search results and redirect to legitimate search engines. Fraudulent search engines are commonly promoted (via redirects) by browser hijackers. At the time of research, lotus-tab.com was endorsed by Lotus - Your Daily Fo
While browsing suspect websites, our researchers found one promoting a rogue installer. Upon examination, we learned that it carries KipcApp – a PUA (Potentially Unwanted Application). The setup included multiple pieces of other suspicious software. PUAs are considered a threat, as they typically
The "Avoid Mailbox Interruption" email is spam. This fake message claims that incoming emails have been placed on hold. The goal of this mail is to trick recipients into visiting a phishing site that seeks to extract their account log-in credentials. This scam email states that incoming me
We have inspected this email and concluded that it is a phishing email. It is created to appear as a legitimate message regarding an ability to claim a large sum of money. Scammers behind this deceptive email aim to steal personal information and (or) money from unsuspecting recipients. Th
During a routine investigative session, our research team discovered this fake "$APU Airdrop Registration" website (allocation-apustaja[.]com; potentially, other domains). The page is presented as the official site of the APU cryptocurrency token (apu.com), which is running a limited-time airdrop
During our analysis of VipKeyLogger, we found that it is malware operating as a keylogger (keystroke logger). Threat actors use malware of this type to steal sensitive information from victims. We discovered that VipKeyLogger is delivered using fraudulent emails containing a malicious attachment.
CryptoAITools is the name of a cross-platform malware that seeks to steal cryptocurrency. This software can infect Windows and Mac operating systems. CryptoAITools is a malicious Python package, and it has been distributed via PyPI (Python Package Index) and GitHub. In the known campaigns, this m
After inspecting the "American Express - Payment On Hold" email, we determined that it is fake. This spam mail informs the recipient of a pending merchant credit, which will be charged after 48 hours. This email aims to lure recipients into visiting a phishing site that targets American Express ac