TechWebNavigator is a rogue application that we found during a routine investigation of new file submissions to the VirusTotal site. After analyzing this piece of software, we determined that it is adware belonging to the AdLoad malware family. TechWebNavigator runs intrusive ad campaigns and ma
Upon inspection of the "De.Fi Launchpad Airdrop", we determined that it is a scam. This scheme imitates the legitimate De.Fi online platform, and the known domains used by the fake sites mimic that of the original – de.fi (https://de.fi/). The scam is presented as an airdrop of an unspecified tok
Upon inspection of the "UKNL Board Online Sweepstakes" email, we determined that it is spam. This bogus missive claims that the recipient has won £350,000 in an Online Sweepstakes. The email name drops several genuine entities, clearly hoping to create a sense of legitimacy. This spam mail likely
Our research team discovered the Backoff ransomware while investigating new submissions to the VirusTotal website. This malicious program is based on the Chaos ransomware family. Malware within this category encrypts data and demands ransoms for its decryption. Backoff encrypted files and appende
Our analysis of the PachyrhinosaurusLakustai app revealed worrisome capabilities, such as reading and altering data on websites, managing browser themes and extensions, and activating the "Managed by your organization" feature in Chrome and Edge browsers. Its distribution is facilitated through a
Our researchers found the HelperFraction application while checking out new file submissions to VirusTotal. Following our analysis, we determined that this app is advertising-supported software (adware). HelperFraction is also part of the AdLoad malware family. Applications within this group run
When examining the app, we noted that StratocumulusCastellanus is a shady app that can read and change data on websites, manage themes and extensions within a browser, and activate the "Managed by your organization" feature in Chrome and Edge browsers. Moreover, StratocumulusCastellanus is distrib
While investigating new file submissions to the VirusTotal site, our research team discovered the Frivinho ransomware. This malicious program operates by encrypting data and demanding payment for its decryption. On our test machine, this ransomware encrypted files and appended their filenames wit
Upon inspecting this webpage and the associated post on X (Twitter) promoting it, it became evident that it constitutes a fraudulent giveaway, designed as a scam to pilfer cryptocurrency from unsuspecting individuals. Scammers commonly use enticing prizes or giveaways to attract victims into falli
Recently, cracked apps on pirating websites that carried a Trojan proxy were discovered. The bad actors took pre-cracked apps, repackaged them as PKG files, and hid a Trojan proxy along with a script to infect systems after installation. The application named Activator is also involved in the ma