TodoSwift is a malicious program classed a dropper. Discovered in the summer of 2024, this malware is designed to deliver second-stage payloads while displaying a decoy document to victims. TodoSwift exhibits similar behavior to malware developed and used by a North Korean state-backed threat a
While browsing dubious websites, our researchers discovered the aoudadsclub[.]org rogue page. It operates by promoting browser notification spam and redirecting users to other (likely unreliable/harmful) sites. Users most commonly enter webpages like aoudadsclub[.]org via redirects caused by webs
While analyzing a rogue installation setup, our researchers discovered the HyperSearch browser hijacker. This extension makes changes to browser settings in order to promote (via redirects) the findflarex.com fake search engine. Typically, browser hijackers assign endorsed websites as the
After inspecting the "Claim FREE $DADDY", as promoted on daddycoin[.]online, we determined that it is a scam. It is presented as a cryptocurrency airdrop – in fact, this scheme operates as a crypto drainer. Victims of the "Claim FREE $DADDY" scam experience financial loss. It must be emphasized t
Our inspection of the "Review This File Below" email revealed that it is spam. This letter is presented as a notification concerning a sent file. The purpose of this email is to lure recipients into visiting a phishing site that targets email account log-in credentials (passwords). The spa
We have examined reloadsreviews[.]top and concluded that this page cannot be trusted. The purpose of reloadsreviews[.]top is to deceive visitors into allowing it to display notifications. To achieve this, reloadsreviews[.]top uses a misleading tactic known as clickbait. Thus, users should not visi
After inspecting the "Luciano Pavarotti Testament" email, we determined that it is spam. The letter claims that the recipient has been named as a beneficiary in the Will of the late great operatic tenor – Luciano Pavarotti. It must be stressed that the claims made by this email are false, and thi
Rocinante is a piece of malware classified as a Trojan. This malware targets Android devices. Rocinante has been observed targeting most of the banking institutions in Brazil. Cybercriminals behind the malware use phishing websites to deliver it. Victims of Rocinante can suffer monetary losses and
During our examination of globaletes[.]org we learned that it is a deceptive site designed to trick visitors into granting it permission to show notifications. Globaletes[.]org uses a clickbait technique to receive this permission. Therefore, users should avoid visiting globaletes[.]org. O
MoneyIsTime is ransomware designed to encrypt files on the infected computer. Our discovery of MoneyIsTime occured during inspection of malware samples submitted to VirusTotal. In addition to encrypting files, MoneyIsTime renames them (by appending a string of random characters and the ".moneyisti