"Saudi Aramco email scam" refers to spam campaigns impersonating business offers from Saudi Aramco. We investigated four email variants distributed through said campaigns. However, this is a longstanding scam with many email versions. It must be emphasized that these spam emails are not associate
After inspecting this "Mitsubishi Corp." email, we determined that it is spam. The fake message impersonates an order inquiry from "Mitsubishi Corporation USA". This scam can operate in a variety of ways, most likely by targeting sensitive information or victims' funds directly. It must be emphas
Cash is a ransomware-type program developed by the same threat actor behind Cash RAT (Remote Access Trojan) and MintStealer. Ransomware is designed to encrypt data and demand payment for the decryption. After executing a sample of Cash on our test machine, we learned that it appends the filenames
Cash is the name of a Remote Access Trojan (RAT). Malware within this classification is designed to allow remote access and control over compromised machines. This trojan was first observed in 2022, with its latest version emerging in the spring of 2024. The initial variant of Cash had significant
DeerStealer is an information stealer distributed via the Google search engine through fake Google ads. Cybercriminals target users by presenting malicious ads that appear legitimate, tricking them into downloading the stealer. Once on the victim's machine, DeerStealer can harvest sensitive inform
During our examination of searchresultsadblocker.com, we found that it is a fake search engine promoted via a browser hijacker (an unwanted extension). Typically, users add extensions promoting addresses like searchresultsadblocker.com unintentionally. It is important for users to be cautious of s
News-xofapi[.]com is a rogue webpage discovered by our researchers during a routine inspection of suspicious sites. After reviewing this page, we learned that it endorses browser notification spam and redirects users to other (likely untrustworthy/malicious) websites. Visitors primarily access we
LockBit 5 is ransomware (a type of malware that encrypts files). In addition to encrypting files, LockBit 5 appends its extension (random characters) to filenames. Also, this ransomware changes the desktop wallpaper and provides a ransom note. The name of its ransom note consists of its extension
Our inspection of the "Email Password Must Renew Soon" email revealed that it is spam. This hoax message informs recipients that their email account password will expire soon. The goal is to trick them into disclosing their account log-in credentials to a phishing website. The spam email w
Our analysis of secochkd[.]xyz has shown that it is a deceptive website designed to trick visitors into accepting its notifications. Users are strongly advised against agreeing to receive notifications from such pages, as their notifications can lead to malicious web pages. Secochkd[.]xyz