During our inspection of app-methprotocol[.]co, we discovered that it is a fraudulent website designed to trick visitors into taking steps that could lead to financial loss. Such sites often use convincing designs to appear legitimate. The deceptive site in question is disguised as a cryptocurrenc
Ajina (also known as Mamont) is a banking Trojan targeting Android users. It is known for stealing financial information and two-factor authentication (2FA) messages. Ajina is distributed by disguising it as legitimate banking and other apps. Cybercriminals behind Ajina have been observed targetin
While browsing suspicious websites, our researchers discovered the stonecoremason[.]top rogue page. It promotes browser notification spam and redirects visitors to other (likely dubious/malicious) sites. Users most commonly enter webpages like stonecoremason[.]top via redirects caused by websites
After inspecting the "Someone Used Your Webmail Password" email, we determined that it is spam. This mail is promoting a phishing scam that targets email log-in credentials by claiming that an unrecognized sign-in attempt was blocked. The spam email with the subject "Mailbox Unusual Sign-i
While inspecting a deceptive download page, our researchers discovered a rogue installer carrying the GxuApp PUA (Potentially Unwanted Application). Programs within this category typically possess harmful functionalities. PUAs are often bundled with other suspicious software, and the GxuApp insta
Our research team discovered the ZAKI ESCOVINDA ransomware during a routine investigation of new file submissions to the VirusTotal platform. This malicious program belongs to the Chaos ransomware family. ZAKI ESCOVINDA encrypts data and demands payment for the decryption. On our test machine, th
Our researchers discovered the SmartSearch browser hijacker while analyzing a rogue installation setup. SmartSearch modifies browser settings to produce redirects to promoted websites. This browser extension is also considered a privacy threat, as software within this classification typically spie
RedRose is the name of a ransomware-type virus. Malicious software within this category operates by encrypting files and demanding payment for their decryption. RedRose functions the same. It renames encrypted files to a random string of numbers and appends them with a ".RedRose" extension. To el
While investigating new submissions to the VirusTotal site, our researchers discovered the Pgp ransomware. This malicious program belongs to the Makop ransomware family. Malware within this classification encrypts data and demands payment for its decryption. Pgp (Makop) ransomware encrypted files
During our inspection of sscreenads[.]com, we found that it is a deceptive web page created to deceive visitors by displaying misleading content. The purpose of sscreenads.com is to obtain permission to show notifications. Usually, notifications originating from such sites take users to dubious pa