Upon analysis, the ATCK malware was determined to be a member of the Dharma family and operate as ransomware. We discovered ATCK during the examination of malware samples submitted to VirusTotal. Upon infiltration, ATCK encrypts files, delivers two ransom notes ("info.txt" and a pop-up window cont
Our research team discovered the WebCoordinator application during a routine investigation of new submissions to the VirusTotal site. Upon examination, it became evident that WebCoordinator is adware from the AdLoad malware family. Advertising-supported software is designed to generate revenue t
System Utilities is a piece of software endorsed as a system optimization tool capable of scanning folders, removing unused/junk files, uninstalling programs, eliminating autostart for software, etc. This app is promoted using dubious methods – hence, it is classed as a PUA (Potentially Unwanted A
Upon inspection, we determined that the "Products On LinkedIn" email is spam. The letter is presented as a potential purchase inquiry. The goal of this mail is to deceive recipients into disclosing their email account log-in credentials to a phishing site. The spam email with the subject "
Sharp is a stealer-type malware. This malicious program is capable of extracting vulnerable information from browsers, gaming-related software, messengers, cryptocurrency wallets, and other apps. Based on the data profile sought by Sharp stealer, it is possible that this malware targets gamers. S
Our researchers found the Silver Wave app bundled in an installer endorsed by a deceptive webpage, which was accessed via a redirect from a Torrenting website that employs rogue advertising networks. Aside from containing the Silver Wave PUA (Potentially Unwanted Application), the installation set
MadMxShell is malware, a backdoor designed to infiltrate Windows systems. What sets it apart is its method of communication with its C2 server. Instead of using conventional channels, like direct connections or standard internet protocols, MadMxShell employs DNS MX queries for communication.
After examining this "$MAGE PRESALE REGISTRATION" website (presale.magebtc-register[.]com), we determined that it is a scam. The fake webpage is running a presale for the Mage token. Users who "register" for this event expose their cryptowallets to a cryptocurrency drainer, which is designed to si
During our assessment of getgriascenter[.]com, it was discerned that this page is deceptive. The only purpose of this page is to trick visitors into agreeing to receive notifications. As a rule, notifications from sites like getgriascenter[.]com lead to unreliable websites. Thus, getgriascenter[.]
After investigating the "Standard Bank IT3(b) Policy" email, we determined that it is fake. It is presented as a notification from South Africa's Standard Bank regarding an IT3(b) policy update. This spam mail aims to trick recipients into providing their online bank log-in credentials to a phishi