Cronus is malware that operates as ransomware. We discovered it while examining samples uploaded to VirusTotal. During our inspection, Cronus encrypted files and replaced their extensions with five random characters. It also changed the desktop wallpaper and provided a ransom note ("cronus.txt").
After inspecting the "Messages Have Been Temporarily Held" email, we determined that it is spam. This phishing letter claims multiple messages were withheld from reaching the recipient's inbox. The spam mail lures victims into disclosing their email account log-in credentials under the guise of a
BadPack is an APK file that has been intentionally crafted to be malicious. Usually, this involves a threat actor modifying the header information in the APK file's compressed format. A couple of examples of Android malware that uses BadPack are BianLian, Cerberus, and TeaBot. APK files ar
Our analysis of the email has shown that it is a phishing email disguised as a letter regarding a purchase order. Typically, phishing emails are utilized for the purpose of extracting personal information from recipients. Recipients should ignore this and similar emails to avoid possible consequen
We have inspected this email and concluded that it is a phishing attempt masquerading as a notification regarding the suspension of the recipient's MetaMask wallet. This scam email is created by scammers with the intention of extracting personal information from recipients. Whoever receives this e
Our research team found AssistField while browsing new file submissions to the VirusTotal website. After analyzing this application, we determined that it is advertising-supported software. This adware belongs to the AdLoad malware family. AssistField is designed to feed users with unwanted and
After investigating this "Wells Fargo - Unusual Account Activity" email, we determined that it is fake. The spam email claims the recipient's online bank account has been temporarily suspended due to suspicious activity. This lure tricks recipients into disclosing their account log-in credentials
Odejdi[.]info is a rogue website discovered during a routine investigation of untrustworthy sites undertaken by our researchers. This page promotes browser notification spam and redirects visitors to other (likely unreliable/hazardous) websites. Most users access odejdi[.]info and sites akin to i
Lynx is a piece of malicious software classed as ransomware. This malware encrypts files and demands ransoms for its decryption. After executing Lynx ransomware on our test machine, we found that the files it encrypts have the ".LYNX" extension appended to their names. To elaborate, a file initia
We have examined the DefaultLocator application and concluded that it functions as adware. The purpose of DefaultLocator is to bombard users with various advertisements. In most cases, users install such apps accidentally. If DefaultLocator or a similar app is installed on a computer, it should