Lalia is ransomware that we discovered while analyzing malware samples uploaded to VirusTotal. Once a device is infected, Lalia encrypts files and changes their filenames by appending the ".lalia" extension. For example, it renames "1.jpg" to "1.jpg.lalia" and "2.png" to "2.png.lalia". It also pro
We have examined the Shift application and concluded that it is an unwanted application. Its installer is flagged as malicious by multiple security vendors, which indicates that it may gather information or perform other unwanted actions. Installing Shift may lead to privacy and security issues. T
LofyStealer is an information-stealing malware distributed as a fake Minecraft cheating tool named (known as Slinky). It attempts to trick victims into launching the malware by using the official Minecraft icon and presenting itself as a legitimate utility. Once active, LofyStealer can collect sen
BirdCall is malware classified as a backdoor. It targets Android users and is delivered using a compromised gaming platform. It is known that BirdCall was previously used in attacks targeting Windows users. BirdCall is mainly used to steal information and is capable of executing commands. If detec
Our team has found that entivrio[.]com is designed to trick visitors into agreeing to receive its notifications. The site displays deceptive instructions to receive permission to deliver notifications. Following those instructions can result in getting fake warnings and similar messages used to pr
We have inspected the message and concluded that it is a phishing attempt. Cybercriminals behind this email seek to trick recipients into believing that it is a security-related notification. Their goal is to lure unsuspecting recipients into contacting them. Falling for this scam can result in fi
Our analysis has revealed that this is a fake "prize award notification" sent by scammers. It is designed to deceive recipients into believing that they have won a large cash prize. However, no prize actually exists, and falling for this scam email can lead to financial loss, identity theft, or ot
We have inspected the message and concluded that it is designed to appear as an alert from the recipient's email service provider. It contains a link to a fake website used by scammers to steal personal information. Victims of this scam may be unable to access their email accounts and may encounte
Needle Stealer is a modular information stealer written in Golang that harvests saved browser credentials, cryptocurrency wallet files, messaging app data, and other sensitive files from infected computers. It also installs a companion malicious browser extension that gives attackers real-time con
Aur0ra is a ransomware-type program analyzed after it was submitted to VirusTotal. It encrypts victims' files to block access to them, and also claims to have exfiltrated confidential data from the compromised system prior to encryption. This dual-threat approach means victims face not only locked