Rocinante is a piece of malware classified as a Trojan. This malware targets Android devices. Rocinante has been observed targeting most of the banking institutions in Brazil. Cybercriminals behind the malware use phishing websites to deliver it. Victims of Rocinante can suffer monetary losses and
During our examination of globaletes[.]org we learned that it is a deceptive site designed to trick visitors into granting it permission to show notifications. Globaletes[.]org uses a clickbait technique to receive this permission. Therefore, users should avoid visiting globaletes[.]org. O
MoneyIsTime is ransomware designed to encrypt files on the infected computer. Our discovery of MoneyIsTime occured during inspection of malware samples submitted to VirusTotal. In addition to encrypting files, MoneyIsTime renames them (by appending a string of random characters and the ".moneyisti
We have analyzed this email and found that it is a fraudulent email designed to trick recipients into believing that they have received an invoice. The scammers behind this email seek to extract personal information from recipients. It is strongly recommended not to respond to such emails or open
Our analysis of glukubairaw[.]com has shown that it displays shady content and can show misleading notifications. Usually, sites like glukubairaw[.]com are promoted using deceptive methods to trick users into visiting them. Users should not visit glukubairaw[.]com and agree to receive its notifica
Our research team discovered ovelatishly[.]com during a routine investigation of untrustworthy websites. This rogue webpage promotes spam browser notifications and generates redirects to other (likely dubious/dangerous) sites. The majority of visitors to ovelatishly[.]com and pages into it access
Our researchers discovered the "Top Two" browser extension while inspecting dubious sites. After examining this software, we learned that it is a browser hijacker. Top Two changes browser settings to endorse (via redirects) the toptosearch.com fake search engine. Typically, browser hijacke
Upon examining this "OneDrive - A Secured File Has Been Shared" email, we determined that it is fake. This spam letter attempts to deceive recipients into revealing their account log-in credentials by presenting them with a phishing website disguised as a OneDrive page. This spam email is
While analyzing a rogue installation setup, our researchers discovered the WeatherZero PUA (Potentially Unwanted Application). This app provides a desktop widget that displays local weather data. However, PUAs often possess harmful functionalities and tend to infiltrate systems in bundles. The in
While investigating suspect sites, our research team discovered this "CyberLama Mint" scam promoted on cyberlama-tyn.pages[.]dev (keep in mind that it could be hosted elsewhere). This scheme operates as a cryptocurrency drainer – it drains digital assets from exposed cryptowallets. It must be emp