We discovered the "Free Penguin NFT" scam while inspecting spam emails. This scheme is presented as the OpenSea platform (opensea.io) offering a free NFT (Non-Fungible Token). It operates as a cryptocurrency drainer. It must be emphasized that this giveaway is fake, and it is in no way associated
Snowblind is a piece of malicious software targeting Android devices. This malware has been around since at least early 2024. Snowblind is capable of variously manipulating applications; it has been leveraged against Southeast Asian banking apps. By far the most notable feature of this malicious
After inspecting "Humanitarian Aid To Palestinians", we determined that it is a scam. It imitates the website of the Anera humanitarian organization (anera.org). This scheme lures users into exposing their digital wallets to a crypto drainer by presenting it as a donation effort for Palestinians
Our research team discovered an installer containing PubQuo promoted by a deceptive webpage, which was accessed via a redirect generated by a Torrenting website using rogue advertising networks. PubQuo is a PUA (Potentially Unwanted Application). Software within this classification typically has
Rafel (also known as Ratel) is an open-source Remote Access Trojan (RAT) that targets Android devices. This program enables remote control over infected machines. Rafel can manipulate devices, steal data, and operate as ransomware. This RAT is compatible with Android versions 5 through 12 and has
Our researchers discovered ExtendedGuide while investigating new submissions to the VirusTotal site. Upon inspection, we learned that this application is adware. ExtendedGuide is part of the AdLoad malware family. Advertising-supported software is designed to feed users with unwanted and malicio
CommonParameter is a rogue app that we found during a routine inspection of new file submissions to the VirusTotal website. After examining this piece of software, we determined that it is adware from the AdLoad malware family. CommonParameter is designed to run intrusive ad campaigns, and it ma
While browsing new file submissions to the VirusTotal platform, our research team discovered the AssistRadio app. Our examination revealed that it is advertising-supported software (adware) from the AdLoad malware family. AssistRadio is designed to generate revenue for its developers through adv
Our researchers found nonprilor[.]com while investigating suspicious websites. Upon examination, we determine that this rogue webpage promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors to nonprilor[.]com and similar pages happen upon
Our research team discovered the ConnectionTiming app while investigating new file submissions to the VirusTotal platform. After examining this application, we learned that it is advertising-supported software (adware). ConnectionTiming is part of the AdLoad malware family. This software is desi