After investigating the "Asian Welfare Lottery" email, we determined that it is spam. This mail promotes a phishing scam. It states that the recipient has won 1.5 million USD, and to claim the prize – they must provide their personally identifiable information. It is noteworthy that in addition t
Upon closer examination of the email, it has become evident that it is a phishing attempt designed to obtain personal information. The perpetrators behind this phishing scheme aim to trick recipients into opening the attached file and divulging their login credentials. Therefore, emails of this na
Nightingale is a sophisticated information-stealing software adept at extracting data from browsers, cryptocurrency wallets, applications, and other sources. The cybercriminals responsible for Nightingale offer the malware for sale at $75.99 monthly, $210.99 for a three-month subscription, and $42
In the course of our inspection of malware samples on VirusTotal, we came across a variant of Lapsus$ Group ransomware dubbed LAPSUS$ (ZZART3XX). LAPSUS$ encrypts data and appends the ".EzByZZART3XX" extension to filenames. Additionally, LAPSUS$ provides a ransom note ("Open.txt") and changes the
Our research team found the ExploreFast app while reviewing new file submissions to the VirusTotal site. After analyzing ExploreFast, we determined that it is advertising-supported software (adware). Additionally, we learned that this application is part of the AdLoad malware family. Adw
Our researchers discovered the fundatingquest[.]fun page during a routine investigation of untrustworthy websites. Upon inspection, we determined that this rogue webpage promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. The majority of visitors t
Our researchers discovered InitialEngine during a routine inspection of file submissions to the VirusTotal platform. After examining this piece of software, we learned that it is adware from the AdLoad malware family. InitialEngine is designed to display ads and may possess other harmful capabil
While reviewing file submissions to the VirusTotal platform, our research team discovered an advertising-supported software called VisualFlexibility. This application is part of the AdLoad malware family. VisualFlexibility adware is designed to deliver intrusive advertisement campaigns.
After inspecting the "Order List" email, we determined that it is malspam. This malicious spam email claims to have an order list attached to it. If a recipient is lured into clicking the bogus attachment, they download the Agent Tesla RAT's executable. This RAT (Remote Access Trojan) is a piece o
This "Blast Airdrop" is fake. When users attempt to participate in this airdrop (giveaway), they trigger a cryptocurrency-draining mechanism that empties their wallets of funds. This scam promises to distribute the Blast (BLAST) cryptocurrency. Users are instructed to connect their cryptow