Kasseika is a ransomware-type program. It operates by encrypting data in order to demand payment for the decryption. On our test machine, Kasseika encrypted files and altered their filenames. Original file titles were appended with an extension comprising a random character string. To elaborate,
Xeno is a sophisticated Remote Access Trojan (RAT) that empowers operators (threat actors) to control computers remotely. It is written in C# programming language and designed to operate seamlessly on Windows 10 and 11 operating systems. Victims should remove it from infected systems as soon as po
After analysis, we concluded that DefaultPositive displays intrusive advertisements, placing it in the category of adware. Users often install such applications without a complete understanding of their full range of functionalities. It is recommended to avoid downloading and installing apps lik
After inspecting the "Token Terminal's Airdrop", we determined that it is a scam. It imitates the Token Terminal platform running an airdrop, and a cryptocurrency-draining mechanism is jumpstarted once a victim exposes their account to this bogus giveaway. This scam masquerades as the Toke
When examining SphyrnaMokarran, it was observed that it can read and modify data on visited websites, control themes and extensions in the compromised browser, and activate the "Managed by your organization" feature in Chrome and Edge browsers. It is crucial to emphasize that SphyrnaMokarran is di
After a careful examination, it is evident that SimpleIntegration exhibits intrusive advertisements, categorizing it as adware or advertising-supported software. Another notable aspect of applications like SimpleIntegration is their tendency to collect diverse user information. Typically, users
Upon analysis, it became evident that this is a fraudulent scheme disguised as a cryptocurrency airdrop, employing deceptive emails and a misleading webpage to lure individuals into participation. The primary objective of these scammers is to illicitly obtain cryptocurrency from unsuspecting victi
While checking out new submissions to the VirusTotal platform, our research team found the FileInterface app. Upon examination, we are determined that it is advertising-supported software (adware). FileInterface is part of the AdLoad malware family. Adware operates by running intrusive a
TechWebNavigator is a rogue application that we found during a routine investigation of new file submissions to the VirusTotal site. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family. TechWebNavigator runs intrusive ad campaigns and ma
Upon inspection of the "De.Fi Launchpad Airdrop", we determined that it is a scam. This scheme imitates the legitimate De.Fi online platform, and the known domains used by the fake sites mimic that of the original – de.fi (https://de.fi/). The scam is presented as an airdrop of an unspecified tok