Our researchers discovered EnhancementSkills while investigating new submissions to the VirusTotal site. After examining this app, we determined that it is adware from the AdLoad malware family. EnhancementSkills is designed to run intrusive advertisement campaigns. Adware stands for adv
While inspecting suspicious sites, our researchers discovered ratorsa[.]com. This rogue webpage endorses browser notification spam and causes redirects to other (likely untrustworthy/harmful) websites. The majority of users access ratorsa[.]com and similar pages via redirects generated by sites us
Our research team found Malware Mage ransomware during a routine investigation of new submissions to the VirusTotal platform. Malicious software within this classification encrypts data and demands ransoms for its decryption. Once we launched a sample of Malware Mage on our testing system, it enc
Fog is ransomware designed to encrypt files and append the ".FOG" or ".FLOCKED" extension to filenames. For instance, it renames "1.jpg" to "1.jpg.FOG" (or "1.jpg.FLOCKED") and "2.png" to "2.png.FOG" (or "2.png.FLOCKED"). Also, Fog ransomware drops the "readme.txt" file containing a ransom note.
Our researchers discovered PDFCastle PUA (Potentially Unwanted Application) while inspecting untrustworthy websites. According to its promotional material, this app allows users to view, create, edit, and convert PDFs to other formats (including Microsoft Word documents). Instead of operating as
We have examined this email and found that it is a fake confirmation notification supposedly from PayPal. Scammers behind this email are likely attempting to trick recipients into providing sensitive information, transferring money, or taking other actions. Recipients are strongly advised not to r
After investigating the "DOGEVERSE Pre-launch", as promoted on appsclaim-dogeverse[.]com, we determined that it is a scam. It is an almost perfect visual copy of the Dogeverse ecosystem (thedogeverse[.]com). The fake site operates as a phishing scam and targets victims' cryptowallet log-in credent
Our team has examined the site (blockchainsynced.pages[.]dev) and discovered that it is a scam website posing as a platform offering a protocol for syncing various cryptocurrency wallets. On this scam page, individuals are instructed to connect their wallets, which can lead to the loss of their cr
While examining malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the Makop family known as DORRA. This ransomware is designed to prevent victims from accessing their files by encrypting them. Also, DORRA renames files and provides a ransom note ("+README-WAR
Our research team discovered the nwsbstwrld[.]com rogue page while browsing suspicious websites. After examining this webpage, we determined that it endorses browser notification spam and generates redirects to different (likely dubious/malicious) sites. Nwsbstwrld[.]com and pages akin to it are