We have reviewed the email and determined that it is a phishing message containing a link to a fake website. The scammers behind this email seek to steal personal information that can be misused to hijack accounts. Stolen accounts can be misused for malicious purposes. Overall, this scam email sho
We have examined the malware and found that Draxo is ransomware. Our discovery of this ransomware occurred during an inspection of samples uploaded to VirusTotal. Once launched, Draxo encrypts files and appends four random characters to filenames. For instance, it renames "1.jpg" to "1.jpg.uuwf" a
Our analysis shows that this is a scam email designed to trick recipients into believing that their cloud account has been suspended. It promotes deceptive websites. No claims in this email or the linked scam websites are true, so they should be ignored. If received, this scam email should be dele
Black TENGU is ransomware that our team found while examining samples uploaded to VirusTotal. Once executed, Black TENGU encrypts files and changes their names by appending the ".TENGU" extension. For instance, it renames "1.jpg" to "1.jpg.TENGU" and "2.png" to "2.png.TENGU". Also, Black TENGU cre
Storm is an information stealer that is sold for between $300 and $1,800. It is written in C++ and is capable of stealing files and information from various apps and extensions, taking screenshots, and loading and executing files. Victims may encounter issues like identity theft, financial loss, a
We have inspected the email and concluded that it is designed to appear as a "delivery failure notice" from the email service provider. It includes a link to a fake login website designed to steal personal information. Victims of this scam may lose access to email accounts and encounter further is
UNC is ransomware from the Dharma family. Our team has discovered this ransomware during an analysis of malware samples uploaded to VirusTotal. After execution, UNC encrypts files and appends the victim's ID, an email address, and the ".UNC" extension to them. It also displays a ransom note (and c
During our examination of skyeco-vote[.]com, we found that this page impersonates the legitimate Sky.money platform and falsely promotes voting rewards for SKY token holders. The site is, in reality, a cryptocurrency drainer designed to steal digital assets from any visitor who connects a wallet t
After inspecting this email, we determined that it is a phishing scam. The message poses as an urgent notification from the recipient's email service provider, claiming that a system update has been completed and that the recipient's mailbox must be re-confirmed within 24 hours or it will be perma
Our research team identified Elite Enterprise while analyzing new file submissions on VirusTotal. Elite Enterprise is ransomware that encrypts files on compromised machines and demands a ransom for decryption. Unlike most ransomware, it does not append any extension to encrypted files - their name