VCURMS is a remote administration Trojan (RAT) that cybercriminals store on public services such as Amazon Web Services (AWS) and GitHub. This method allows the Trojan to conceal its presence and activities from security measures, making it more challenging to detect and remove from infected syste
Myultimatesafeguard[.]com is a page discovered by our researchers during a routine investigation of questionable websites. Upon inspection, we determined that this rogue webpage promotes scams and browser notification spam. It can also redirect users to other (likely dubious/malicious) sites. Pag
While analyzing malware samples uploaded to VirusTotal, we identified cursoDFIR, a ransomware variant engineered to encrypt files. Additionally, cursoDFIR appends its extension (".cursoDFIR") to filenames, changes the desktop wallpaper, and generates a text file ("meleaicara.txt") containing a ran
Ert is a malicious program belonging to the Xorist ransomware family. It is designed to encrypt data and demand payment for the decryption. Our researchers discovered this malware while reviewing new submissions to the VirusTotal platform. When we executed a sample of Ert on our testing system, i
After examination, it has come to light that notifgetnews[.]com utilizes clickbait, a deceitful strategy, to coax visitors into agreeing to receive notifications. Furthermore, notifgetnews[.]com has the potential to redirect users to similar websites. Therefore, visitors are advised against placin
During our examination of the email, we found it to be a deceptive message impersonating a threat from a hacker. The scammer responsible for this email intends to trick recipients into thinking that compromising videos will be distributed to others unless they meet the specified demands. These typ
Upon analysis, it has been discovered that news-lifume[.]com employs clickbait, a deceptive tactic, to deceive visitors into consenting to receive notifications. Additionally, news-lifume[.]com has the capability to redirect users to comparable web pages, potentially leading to further manipulatio
After conducting an analysis of the MosasaurusHoffmannii application, we have concluded that it is a malicious extension that is being distributed through a deceptive webpage. This extension can activate the "Managed by your organization" feature, access and modify various data, and manage other e
After inspecting the "Discover Card Payment On Hold" email, we determined that it is fake. This spam letter is presented as an alert from Discover Bank. It informs the recipient of a suspicious charge pending on their account. This phishing email aims to lead users to a fake Discover website, thus
In our analysis, we found that Dragon Angel operates as a browser hijacker, aiming to promote a bogus search engine by altering the browser's settings. Furthermore, Dragon Angel may possess the ability to collect browsing-related and other information. Users should remove this app from hijacked br