After examining this "Mailbox Issue Identified" email, we learned that it is spam. It falsely claims that the recipient may experience service interruptions due to an unresolved mailbox error. The goal is to lure victims into visiting a phishing site that targets email log-in credentials (password
Tianrui is a ransomware-type virus discovered by our researchers during a routine inspection of new submissions to the VirusTotal site. This malicious program is identical to other ransomware, including Hush, MoneyIsTime, and Boramae. Ransomware encrypts data and demands payment for the decryption
We have inspected the email and found that it is a typical advance fee (or a similar) scam. Scammers behind it aim to trick recipients into transferring money and (or) disclosing personal information. Typically, such emails promise a large sum of money for "participation". They should be ignored.
EndPoint is ransomware from the Babuk family. Our team discovered it during an inspection of malware samples uploaded to VirusTotal. It encrypts files and appends the ".endpoint" extension to them. For instance, it changes "1.jpg" to "1.jpg.endpoint" and "2.png" to "2.png.endpoint". EndPoint also
After inspecting this "Your Chase Banking Has Been Disabled" email, we determined that it is fake. By alerting the recipient that their Chase account was disabled, this email aims to trick them into disclosing their log-in credentials. It must be emphasized that the information in this phishing m
After examining this "Updated Service Terms" email, we determined that it is spam. It alerts recipients of updated terms of service that were not accepted; thus, their email accounts will be deactivated. This message endorses a phishing site targeting email log-in credentials. This spam em
Upon examining this "Quote That Meets Our Requirements" email, we learned that it is spam. This phishing message asks the recipient to provide a quote according to the requirements in the shared document. The promoted fake file transferring website targets email account log-in credentials.
Snapinterruptfilesave[.]com is a rogue page discovered by our research team during a routine investigation of suspicious websites. It operates by promoting dubious content and browser notification spam. Additionally, the webpage can redirect users elsewhere (likely unreliable/malicious) sites. Mo
While analyzing a rogue installer, our researchers discovered the "Klio Verfair Tools" PUA (Potentially Unwanted Application). This app is designed to infiltrate the Legion Loader malware into systems. At the time of research, Klio Verfair Tools was installed together with another PUA called Suma
While investigating new file submissions to the VirusTotal website, our research team discovered the P*zdec ransomware (the asterisk stands for the letter "i", and it will be censored in this manner throughout this article). This malicious program is part of the GlobeImposter ransomware family. O