We have inspected the email and concluded that it is a phishing email masquerading as a booking inquiry from Pretpark Tours, a travel agency in the Netherlands. This scam email is designed to trick recipients into opening a deceptive website and entering personal information. Falling for it can re
Our analysis shows that this is a phishing email posing as an invoice from HSBC, a legitimate financial services company. Like most phishing emails, this one is designed to trick recipients into sharing personal information on a fake website. Such messages should be ignored to avoid account hijack
While browsing untrustworthy websites, our research team discovered migmenable[.]com. It is a rogue webpage that promotes browser notification spam and generates redirects to other (likely dubious/harmful) sites. Most visitors to migmenable[.]com and similar pages access them through redirects cau
ShadyPanda is a family of malicious browser extensions responsible for over four million infections. These extensions are connected by overlapping code, identical obfuscation, and shared infrastructure. Some operated as advertised and remained dormant for years before an update introduced maliciou
Syntrix is a RAT (Remote Access Trojan) based on the Quasar RAT (specifically, the 1.4.1 version). Trojans within this classification are designed to allow attackers to access and control devices remotely. Syntrix was developed with an emphasis on stealth. It is a multifunctional piece of maliciou
After inspecting this "Change To The Webmail Access Interface" email, we determined that it is spam. The message urges recipients to update their email account information to avoid interruptions to the service. This spam campaign aims to trick users into disclosing their account log-in credentials
OctoRAT is a remote access Trojan built on the .NET platform. The malware supports over 70 commands, employs persistence methods, and has various ways to bypass UAC and elevate privileges, as well as broad information-gathering capabilities. The functionality and overall design indicate that it is
We have checked this website (testnet-lifeai[.]org) and found that it imitates the original LIFE AI site (lifeai.io). This fraudulent copy is designed to trick visitors into believing that they can receive free tokens. However, it is not a real airdrop and the true purpose of this scam is to steal
Our examination of gerrevitergene.co[.]in shows that it relies on misleading content to pressure visitors into allowing notifications. Once permission is given, it typically sends false alerts and other deceptive notifications that lead users to various unreliable websites. Overall, gerrevitergene
Sysdoz is ransomware that our team has found while inspecting malware samples uploaded to VirusTotal. We have discovered that Sysdoz encrypts files and changes their filenames, and provides a ransom note ("README.TXT"). It appends the victim's ID and the ".sysdoz" extension to filenames. For exam