We have tested the Cork.app application and learned that it is designed to generate intrusive advertisements. Typically, apps that behave like Cork.app are classified as adware. It is important to mention that Cork.app is part of the Pirrit family and has been flagged as malicious by over twenty
We have inspected gettllingovert[.]info and concluded that the purpose of this page is to receive permission to show notifications. However, gettllingovert[.]info uses a deceptive method to obtain this permission. Typically, when such sites are allowed to send notifications, they bombard users wit
After inspecting this "$CATE Airdrop", promoted on claim-cateoneth[.]com (could be hosted elsewhere), is fake. The scam claims to be distributing the CATE token. In fact, it operates as a cryptocurrency drainer – by draining digital assets from victims' cryptowallets. IMPORTANT NOTE: We do n
After reviewing this "Degussa Bank" email, we determined that it is fake. This spam letter requests the recipient to complete an identity verification process. The goal is to extract sensitive information through a phishing website. It must be emphasized that this scam email is in no way associate
PondRAT is a malicious software targeting Mac OSes. It is classed as a Remote Access Trojan (RAT). These trojans tend to be versatile, and their purpose is to allow remote access/control over infected devices. Code similarities with malware (e.g., POOLRAT) used by Gleaming Pisces (aka Citrine S
Necro is a Trojan that targets Android users. Threat actors deliver it via modified versions of well-known apps and those found on official app stores like Google Play. Necro uses certain techniques to hide its malicious payloads to evade detection and can perform various malicious activities.
While browsing suspicious websites, our researchers discovered a deceptive page promoting the "movie-web remastered extension". This browser extension promises to enhance the streaming experience. After examining it, we determined that this extension is advertising-supported software (adware).
Our team has reviewed gamadspro[.]com and discovered that the site uses clickbait to gain permission to show notifications. Typically, notifications from sites like gamadspro[.]com are deceptive and promote questionable content. Therefore, users should avoid agreeing to receive notifications from
While investigating suspicious websites, our research team discovered a group of rogue webpages sharing the "first-tl" domain. First-tl-139-d[.]buzz is an example of a page belonging to this family; the numbers and/or the letter in these domains can differ. The goal of first-tl webpages is to tri
Our team has examined gamadshub[.]com and found that this page employs clickbait to receive permission to send notifications. In most cases, notifications from websites like gamadshub[.]com are misleading and promote shady sites. Thus, users should not agree to receive them and should avoid visiti