Our research team found Malware Mage ransomware during a routine investigation of new submissions to the VirusTotal platform. Malicious software within this classification encrypts data and demands ransoms for its decryption. Once we launched a sample of Malware Mage on our testing system, it enc
Fog is ransomware designed to encrypt files and append the ".FOG" or ".FLOCKED" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.FOG" (or "1.jpg.FLOCKED") and "2.png" to "2.png.FOG" (or "2.png.FLOCKED"). Also, Fog ransomware drops the "readme.txt" file containing a ransom note.
Our researchers discovered PDFCastle PUA (Potentially Unwanted Application) while inspecting untrustworthy websites. According to its promotional material, this app allows users to view, create, edit, and convert PDFs to other formats (including Microsoft Word documents). Instead of operating as
We have examined this email and found that it is a fake confirmation notification supposedly from PayPal. Scammers behind this email are likely attempting to trick recipients into providing sensitive information, transferring money, or taking other actions. Recipients are strongly advised not to r
After investigating the "DOGEVERSE Pre-launch", as promoted on appsclaim-dogeverse[.]com, we determined that it is a scam. It is an almost perfect visual copy of the Dogeverse ecosystem (thedogeverse[.]com). The fake site operates as a phishing scam and targets victims' cryptowallet log-in credent
Our team has examined the site (blockchainsynced.pages[.]dev) and discovered that it is a scam website posing as a platform offering a protocol for syncing various cryptocurrency wallets. On this scam page, individuals are instructed to connect their wallets, which can lead to the loss of their cr
While examining malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the Makop family known as DORRA. This ransomware is designed to prevent victims from accessing their files by encrypting them. Also, DORRA renames files and provides a ransom note ("+README-WAR
Our research team discovered the nwsbstwrld[.]com rogue page while browsing suspicious websites. After examining this webpage, we determined that it endorses browser notification spam and generates redirects to different (likely dubious/malicious) sites. Nwsbstwrld[.]com and pages akin to it are
After inspecting the "e-Mail Support Center" letter, we determined that it is spam. It promotes a phishing scam – the email makes false claims regarding the recipient's account password expiring soon in order to trick them into disclosing it. Thus, the scheme enables scammers to steal exposed emai
"Word Online Extension Is Not Installed" is part of the campaign (known as ClickFix) utilized to infect victims' devices with the DarkGate malware. This scheme was observed being promoted via spam emails instructing recipients to open their HTML attachments. These files display fake pop-ups claim