During our examination of malware samples on VirusTotal, we discovered a ransomware variant belonging to the Makop family dubbed Datah. This ransomware encrypts files and creates a ransom note ("+README-WARNING+.txt") containing contact information and other details. Also, Datah renames files. Da
Upon examination of defendsafe[.]site, it has been determined to be a deceptive website designed to present misleading content. Also, this site wants to send notifications. It is worth noting that users do not visit such pages on purpose. Usually, they end up on such pages through similar websites
While browsing untrustworthy websites, our researchers discovered a page endorsing a fake "cracked" software. After downloading the installer, we learned that it contains SDeck Free MediaPlayer and a bunch of other unwanted/harmful software. Due to the dubious methods used to promote SDeck Free M
Upon examination of the PassengerPigeon application, it has been determined to be a malicious extension disseminated via untrustworthy platforms. This extension possesses the ability to trigger the "Managed by your organization" function, infiltrate and tamper with diverse data sets, and oversee o
Upon scrutinizing the email, it has come to light that it is a scam designed to deceive unsuspecting recipients into transferring money and potentially divulging personal information. It is imperative to remain vigilant and refrain from engaging in such fraudulent attempts to safeguard your financ
After analysis, it has been determined that check-tl-ver consists of a series of domains with numerical variations in their URLs. Examples include check-tl-ver-12-7[.]top and check-tl-ver-24-1[.]com, showcasing this pattern. The top-level domains also vary (e.g., they can be .top and .com). The c
Our researchers found the ActivityOverall app while inspecting new file submissions to the VirusTotal site. Upon examination, we determined that it is adware from the AdLoad malware family. ActivityOverall is designed to generate revenue for its developers. Adware stands for advertising-
While reviewing new malware submissions to VirusTotal, our research team discovered Farao ransomware. It is based on the Chaos ransomware. This malicious program operates by encrypting files and demanding payment for their decryption. On our testing system, Farao encrypted files and appended an e
After analyzing selfdefscan[.]site, we concluded that it is a deceptive website crafted to showcase counterfeit messages and other elements, aiming to deceive visitors into taking specific actions. Typically, users stumble upon such sites through similar platforms or other suspicious channels. It
While investigating deceptive websites, our researchers discovered the PDFtoDocPro application. It is endorsed as a tool that allows users to read, create, and edit PDF format documents. However, upon inspection, we determined that it is a PUA (Potentially Unwanted Application). Apps within this