Our researchers found the Z1n ransomware during a routine inspection of new file submissions to the VirusTotal platform. Z1n is part of the Dharma ransomware family. This malicious program encrypts data and demands ransoms for its decryption. On our testing system, this ransomware encrypted files
Our analysis of the Browser-Surf application reveals that it functions as a browser extension designed to promote a particular URL (browser-surf.xyz) by modifying web browser settings. This modus operandi is commonly referred to as browser hijacking. It is advised to exercise caution with such app
Upon scrutinizing the email, we have found it to be a fraudulent notification purportedly from American Express. Crafted by scammers, it intends to entice recipients to access a deceptive website and divulge their personal information. Such emails fall under the category of phishing attempts.
BackMyData is a ransomware variant belonging to the Phobos family that we discovered during an inspection of malware samples submitted to VirusTotal. We found that BackMyData encrypts files, renames files, and provides two ransom notes ("info.hta" and "info.txt"). BackMyData renames files by appe
RustDoor is a Mac-targeting malware written in the Rust programming language. This malicious program has been around since at least the autumn of 2023. At the time of writing, three variants of RustDoor have been discovered (with the initial one speculated to be a test version). This program is
Upon closer inspection of the application, we identified that Extended Search - Default Search is a browser hijacker that promotes extended-search.com. This extension hijacks a browser by modifying its settings. Also, Extended Search - Default Search may be capable of collecting browsing-related a
Upon reviewing the email, we have determined that it is a fraudulent message masquerading as a business proposal. The scammers intend to entice recipients into participating in an advance-fee scheme. Furthermore, it is imperative to exercise caution and refrain from disclosing any information in r
Our researchers found the SaveSysBoot application while checking out new file submissions to the VirusTotal site. After investigating this piece of software, we determined that it is adware from the AdLoad malware family. SaveSysBoot runs intrusive advertisement campaigns, and it may have additi
After inspecting "PayPal Stablecoin", we determined that it is a scam imitating the PayPal online payment/ money transferring platform. This fake site offers users the chance to claim PayPal USD cryptocurrency. The scheme operates as a crypto drainer. This scam mimics the design of PayPal'
Upon inspecting "Tesla Space X Investment", we determined that it is a scam. It is presented as an elaborate online platform offering investments and other related services. However, its purpose is to deceive users into transferring cryptocurrency to the scammers' wallets. This scam appear