Upon examination, we determined that the "DHL - Customs Clearance" email is fake. This spam email is malspam. It lures recipients by claiming that the attached file contains documents concerning a shipment's customs clearance. The attachment is intended to infect victims' computers with malware.
During our analysis of the email we found that it is a phishing attempt (a phishing email). Scammers who crafter this email aim to trick recipients into believing they have received a notification from an email service provider. Therir ultimate goal is to steal personal information from recipients
Our researchers discovered a ransomware-type program from the Makop family called Defi while inspecting new submissions to the VirusTotal website. Ransomware functions by encrypting victims' data to demand that they pay a ransom for the decryption. On our testing system, Defi encrypted files and
Our research team found totalalltimebestdefender[.]info during a routine investigation of suspicious websites. Upon examination, we determined that this rogue page promotes browser notification spam and redirects users to other (likely unreliable/harmful) sites. The majority of visitors enter web
The Bully is a ransomware-type program discovered by our researchers during a routine inspection of new submissions to the VirusTotal site. The Bully is based on Chaos ransomware. Malicious software within this classification is designed to encrypt data and demand payment for the decryption. Afte
While inspecting news-xhovico[.]cc, our team found that the site employs a deceptive tactic called clickbait. This method is used to entice visitors to accept notifications from news-xhovico[.]cc. Once granted permission, sites like this typically deliver intrusive and misleading notifications.
While reviewing new malware submissions to the VirusTotal platform, our research team discovered the DennisTheHitman ransomware. This malicious program is part of the GlobeImposter ransomware family. This class of malware operates by encrypting data to demand payment for its decryption. On our te
We discovered that toneadds[.]com is a deceptive website designed to lure visitors into taking action resulting in permitting the page to show notifications. Our examination of toneadds[.]com revealed that it can send untrustworthy notifications. Therefore, toneadds[.]com should not be granted per
During our analysis of NoDeep, we found that it is ransomware from the Proton family. It encrypts files, appends an email address (nodeep@tutamail.com) and its extension (".nodeep") to filenames, and drops a ransom note ("#Read-for-recovery.txt"). Our discovery of NoDeep occured while inspecting s
Dark Eye is ransomware belonging to the Xorist family. We discovered it while checking malware samples submitted to VirusTotal. This ransomware encrypts files and appends the ".darkeye" extension to filenames. It also provides a ransom note (it displays a pop-up window, changes the desktop wallpap