During our inspection of malware samples uploaded to VirusTotal, we discovered MZLFF, which operates as ransomware. This malware prevents victims from accessing files by encrypting them. Additionally, MZLFF appends its extension (".locked") to filenames and displays a ransom note in a pop-up windo
We have examined the page (stake-giveaways.pages[.]dev) and discovered that it promotes a fake $STAKE token giveaway. In order to deceive users, this site poses as the real one, stake.com, and has a very similar design. The purpose of the fake web page is to steal cryptocurrency from unsuspecting
We inspected andesview[.]top and found that it uses clickbait (a deceptive technique) to lure visitors into permitting it to show notifications. Such pages usually bombard users with fake warnings and other fake and misleading notifications (if they have permission to send them). Thus, andesview[.
Prizestash[.]com is a rogue page discovered by our researchers during a routine investigation of dubious websites. Upon inspection, we determined that this webpage promotes scams and browser notification spam. It can also redirect users to other (likely untrustworthy/dangerous) sites. Most visito
While inspecting deceptive sites, our researchers discovered an installation setup containing Oovi Appc. This piece of software is classed as a PUA (Potentially Unwanted Application). These apps typically possess harmful functionalities. What is more, PUAs tend to infiltrate systems in bundles (i
Our inspection of this "Capital One - Disputed Payment Posted To Your Account" email revealed that it is fake. This spam message notifies the recipient about a disputed transaction. The purpose of this phishing email is to deceive recipients into visiting a fraudulent Capital One sign-in page.
After reading this "Global Recovery Effort" email, we determined that it is spam. This message claims that the recipient might be eligible to receive compensation, as they may have been victimized by scammers. The purpose of this spam mail is to trick victims into disclosing sensitive information
We have examined amnow[.]xyz and discovered that it displays deceptive messages and asks for permission to show notifications. Users should never trust sites like amnow[.]xyz and avoid granting them permission to send notifications. Doing so could expose users to various scams and other online thr
MYWeb Watch is a browser-hijacking application discovered by our researchers during a routine investigation of dubious websites. Unlike most browser hijackers, which are extensions, MYWeb Watch does not modify browser settings in order to generate redirects to promoted webpages. Instead, this app
Our discovery of Killer Skull occurred while inspecting malware samples submitted to VirusTotal. Killer Skull is ransomware based on Chaos ransomware. It encrypts files, appends its extension (four random characters) to filenames, changes the desktop wallpaper, and provides a ransom note ("payment