Our research team discovered DynamicMore while browsing new file submissions to the VirusTotal platform. Upon examination, we learned that this application is adware belonging to the AdLoad malware family. DynamicMore runs intrusive advertisement campaigns, and it may possess other harmful capab
"AZUKI Elementals" is a fake webpage impersonating the official Azuki website. We found this scam under the azuki-elementals-waitlist.pages[.]dev URL, but it could also be promoted on others. The scheme operates as a cryptocurrency drainer. Victims of such scams experience financial loss by havin
PartitionControl is a rogue application discovered by our researchers during a routine inspection of new submissions to VirusTotal. After investigating this software, we determined that it is adware. PartitionControl is part of the AdLoad malware family. Advertising-supported software (adware) i
While investigating new submissions to the VirusTotal site, we discovered the JOKER ransomware. This malicious program is based on Chaos ransomware. Malicious software within this classification encrypts data and demands payment for its decryption. On our testing machine, JOKER (Chaos) ransomware
Our examination of the page (kinto-19q.pages[.]dev) has shown that it is a copy of kinto[.]xyz. The fake website is created by scammers who indent to steal cryptocurrency from unsuspecting individuals. They aim to achieve it by tricking individuals into taking specific steps. Thus, kinto-19q.pages
We have reviewed the email and found that it is written by scammers who pretend to be representatives of WalletConnect, a legitimate IT service management company. This scam email is utilized to trick recipients into disclosing personal information via a fake web page. Recipients should ignore thi
This "CoinMarketCap Token Presale" is fake. The scam is supposedly running a presale event with a 10% bonus, and when users attempt to participate – they are tricked into exposing their digital wallets to a cryptocurrency drainer. Hence, victims of this scam can lose all or most of the funds stor
CyberVolk is ransomware designed to encrypt files and append the ".cvenc" extension to filenames. Also, CyberVolk displays a pop-up window and creates the "CyberVolk_ReadMe.txt" file containing a ransom note. An example of how CyberVolk renames files: it changes "1.jpg" to "1.jpg.cvenc", "2.png" t
After examining UpgradeConnection, we discovered that it generates multiple intrusive advertisements. Therefore, we have categorized UpgradeConnection as adware. Such software is often marketed as useful without fully disclosing its functionality. Users are advised not to download and install ap
Cyb3r Bytes is a variant of CyberVolk ransomware. Once a computer is infected with Cyb3r Bytes, files become encrypted and the ".cvenc" extension is appended to their filenames. Also, two ransom notes containing similar text are generated: a pop-up window and the "CyberVolk_ReadMe.txt" file. An e