BARADAI is ransomware we found while examining malware samples submitted to VirusTotal. It belongs to the MedusaLocker ransomware family. Upon infiltrating a system, BARADAI encrypts files, appends the ".BARADAI" extension to their filenames, and creates an HTML ransom note. On our test machine,
After reviewing the email, we determined that it is a misleading message pretending to come from a cloud service provider. It directs users to fraudulent websites that display false warnings and instructions intended to deceive visitors into taking certain actions. The email should be ignored and
We have inspected the email and found that it is a deceptive message designed to appear as a notification from a cloud service provider. It promotes fraudulent websites that show fake messages to trick visitors into following the provided steps. Recipients should ignore this email to avoid the ass
Rex is ransomware that our researchers discovered while examining malware samples uploaded to the VirusTotal website. It encrypts files stored on the victim's system, appends a new extension to each filename, creates an HTML ransom note, and claims to have stolen confidential data from the victim'
We have tested aisearchapp.net and found that it is a fake search engine promoted through an unwanted extension. That extension (called AI Search) is a browser hijacker. It is not advisable to use questionable search engines and browser hijackers, as they could lead to malicious sites and other is
Overlord is a Remote Access Trojan (RAT) written in the Go programming language. It targets both Windows and macOS systems, with first detections recorded in South Korea. On macOS, Overlord can establish a persistent connection to an attacker-controlled server, capture keyboard and mouse input,
Our analysis shows that this is a phishing email designed to trick recipients into believing that it is a message from their cloud service provider. The email includes a link to a fake website designed to pilfer personal information. Falling for this scam can lead to account hijacking and further
We have examined the message and found that it is a phishing attempt. It is used by scammers who seek to steal personal information through a deceptive website. Victims of this scam may lose access to their personal accounts and encounter issues such as identity theft or monetary loss. Recipients
Our analysis of app.sparkfi[.]guru revealed a fraudulent page impersonating the legitimate Spark platform. It promotes a fake voting rewards event, claiming the first 1,000 voters will receive an "Assets Boost." In reality, the site is a cryptocurrency drainer - connecting a wallet triggers an aut
During our examination of the jito-network[.]vip site, we found that this page promotes a fake Jito Staked SOL ($JITOSOL) airdrop. Further analysis revealed that it is a fraudulent page designed to steal cryptocurrency from visitors by tricking them into connecting their digital wallets. IMP