After inspecting the "ACH Payment From Craftmaster Hardware" email, we determined that it is spam. The fake letter claims that the recipient will receive a payment of over 10k USD. Details of this transaction can be found in the attachment, which is a phishing file that targets recipients' email a
After inspecting "Metis Dao Quest Registration", as hosted on quest.metisprotcols[.]com, we determined that it is fake. This scam impersonates the Metis platform (metis.io). The scheme promises rewards for certain activities with the goal of luring users into exposing their cryptowallets to a cryp
Jordaniablog[.]com is a rogue webpage discovered by our researchers during a routine investigation of suspect sites. After examining this page, we learned that it pushes browser notification spam and redirects users to other (likely dubious/malicious) websites. Most visitors enter webpages like j
Our research team found the globalcetsgroup[.]com rogue page while investigating dubious websites. Upon examination, we learned that this webpage endorses browser notification spam and redirects users to different (likely unreliable/hazardous) sites. Most visitors enter globalcetsgroup[.]com and
We have inspected this email and concluded that it is a scam email designed to trick recipients into disclosing personal information. The scammers behind this phishing campaign pretend to be representatives of Wells Fargo, a legitimate financial services company. Recipients should be careful with
During our examination of the OCEANS malware, we found that it operates as ransomware. Once a computer is compromised, OCEANS encrypts files and appends four random characters to filenames. Also, OCEANS ransomware changes the desktop wallpaper and generates a ransom note ("OPEN_THIS.txt"). We dis
During our examination of eusblog[.]com, we discovered that it is a deceptive web page created to trick visitors into permitting it to send notifications. In addition to displaying deceptive content, eusblog[.]com redirects visitors to similar websites. Thus, users should not trust eusblog[.]com o
After investigating the "American Express Card Deactivation" email, we determined that it is fake. This spam mail aims to steal recipients' American Express accounts by falsely claiming that their cards have been temporarily deactivated. It must be emphasized that this phishing email is in no way
While inspecting a rogue browser extension called Wonders Tab, we discovered the wonderstab.com fake search engine. This extension changes browser settings to endorse (via redirects) the wonderstab.com site. Due to this behavior, Wonders Tab is considered a browser hijacker. Browser hijack
Veza is a ransomware variant from the Djvu family that we discovered during analysis of malware samples uploaded to VirusTotal. We found that apart from encrypting files, Veza appends the ".veza" extension to filenames and generates a text file ("_readme.txt") containing a ransom note. It is also