After analyzing this scam, we have found that it involves deceptive websites and a file crafted to generate misleading pop-ups (masquerading as warnings from legitimate software) on Windows. Users should exercise caution to avoid falling victim to these tactics, as they can lead to potential secur
After reviewing the Proboscidea application, we have concluded that it is a malicious extension distributed through unreliable pages. This extension has the capability to activate the "Managed by your organization" feature, access and manipulate various data, and control other extensions and theme
Dzen is a ransomware variant belonging to the Phobos family that we discovered while examining malware samples submitted to the VirusTotal page. We learned that Dzen encrypts files (and modifies their filenames) and provides two ransom notes ("info.txt" and "info.hta"). Dzen appends the victim's I
While investigating the website, we found that breliu[.]shop is among the numerous deceitful pages employing clickbait tactics to gain visitors' permission to send notifications. Rarely do users intentionally navigate to sites such as breliu[.]shop, and they should promptly close them upon arrival
Our researchers discovered the rujba.co[.]in website while investigating suspicious pages. After inspecting it, we determined that rujba-co[.]in endorses browser notification spam and generates redirects to other (likely suspicious/malicious) webpages. Visitors to rujba-co[.]in and similar pages
While reviewing new file submissions to VirusTotal, our research team found yet another adware from the AdLoad malware family called ActiveQuest. This rogue application operates by running intrusive ad campaigns, and it may have other harmful abilities as well. Adware stands for advertis
Our researchers discovered the "Up - Ad Blocker" browser extension while investigating untrustworthy sites. This software is endorsed as an ad-blocking tool specifically for YouTube and Google. However, after examining Up - Ad Blocker, we determined that it is advertising-supported software (adwa
Upon inspection, we determined that the "DocuSign - Completed Document" email is spam. It notifies recipients of the completion of a document signing. The goal of this mail is to lure users into visiting a phishing website that targets email account log-in credentials. The spam email with
Narnia is a remote administration Trojan (RAT) equipped with various harmful capabilities, including exfiltration of sensitive data, capturing screenshots, logging keystrokes, and stealing banking information. It poses a significant threat to users' privacy and security by enabling unauthorized ac
XRed is a backdoor-type malware that has been around since at least 2019. Software within this classification is designed to open a "backdoor" to systems for other malware or malicious components. XRed also has data-stealing abilities. Based on the presence of the Turkish language in the malware'