SoumniBot is an Android-specific malware. It utilizes sophisticated anti-analysis and anti-detection techniques. This malicious program is designed to exfiltrate sensitive data from devices, with a particular focus on banking-related information. SoumniBot has been observed being leveraged in atta
During our examination of the website, we discovered a scam operation hosted on it. This scam is crafted to deceive visitors by presenting them with what appears to be a safety warning from a reputable security company. Such warnings are designed to instill a sense of urgency and fear, coercing vi
ClipWallet is a clipper-type malware that targets multiple operating systems, including macOS, Windows, and Linux/Unix. This malicious program is written in the Go programming language. ClipWallet is designed to reroute outgoing cryptocurrency transactions by replacing digital wallet addresses.
Our research team discovered the "Page-error.com official extension" while investigating a Torrenting site that utilizes rogue advertising networks. This software is endorsed as a tool for solving web errors and providing alternatives when a sought website is down. However, the rogue browser exte
During our inspection of the MagnaEngine browser extension, we found that it operates as a browser hijacker. This extension hijacks a browser by changing its settings. The purpose of MagnaEngine is to promote a fake search engine. Also, MagnaEngine enables the "Managed by your organization" featur
While inspecting new submissions to the VirusTotal platform, our research team discovered a malicious program named IRIS. It is based on the Chaos ransomware. IRIS encrypts files and demands payment for their decryption. On our testing system, this ransomware locked files and appended their filen
After thoroughly examining the website (blockdag[.]services), we have confirmed it to be a fraudulent imitation of the official BlockDAG Network website. The creators of this deceptive page intend to steal digital assets (cryptocurrency) from unsuspecting victims. Consequently, it is strongly advi
During our inspection, we discovered that Rincrypt 2.0 is ransomware based on Chaos ransomware. We discovered Rincrypt 2.0 while inspecting malware samples submitted to VirusTotal. This ransomware appends four random characters to the names of encrypted files, changes the desktop wallpaper, and cr
"Claim Ethena" is a scam presented as the official Ethena website. Users are lured into "connecting" their digital wallets by a promise of being able to claim the ENA (Ethena) cryptocurrency. Instead, the scheme triggers a crypto drainer that can steal funds out of exposed wallets. The "Cl
Our researchers discovered the Total Audio Formatter app while investigating a P2P sharing (Torrenting) site that uses rogue advertising networks. It is a Potentially Unwanted Application (PUA). Software within this classification often has harmful capabilities. Additionally, installers like the