While investigating deceptive websites, our team uncovered an installation package containing a dubious application that compels users to visit ssj4.io, a questionable search engine. Typically, browser-hijacking programs modify browser settings to promote such sites. In this case, the app abstaine
While investigating new submissions to VirusTotal, our researchers discovered the Fastbackdata ransomware. It is designed to encrypt data and demand ransoms for its decryption. This malicious program belongs to the Phobos ransomware family. Fastbackdata encrypted files and changed their filenames
Through our analysis of the malware, we determined that New24 is ransomware belonging to the Phobos family. We discovered New24 while checking the samples submitted to VirusTotal. Once activated, New24 encrypts data and demands payment for its decryption (it presents two ransom notes, "info.hta" a
CrackedCantil is a dropper malware designed to distribute a variety of malicious software, encompassing loaders, information stealers, cryptocurrency miners, proxy bots, and ransomware. The primary method of disseminating this malware involves leveraging cracked software on dubious websites or for
During our examination, we observed that DominantGeneration exhibits characteristics typical of adware. Once installed, it initiates the display of intrusive advertisements, leading to its classification as adware. It is noteworthy to highlight that such software often collects diverse data.
Our researchers discovered abelectivirean[.]com during a routine investigation of suspicious sites. Upon inspection, we determined that this rogue webpage promotes browser notification spam. Additionally, it can redirect visitors to other (likely unreliable/harmful) websites. Users primarily acce
ExtendedCommand is an adware-type app discovered by our research team during a routine inspection of file submissions to VirusTotal. This advertising-supported software is part of the AdLoad malware family. ExtendedCommand is designed to generate revenue for its developers by feeding users with
Our researchers discovered the jastugoa[.]top rogue page while investigating questionable websites. It operates by promoting questionable content and spam browser notifications. Furthermore, this webpage can redirect users elsewhere (likely unreliable/malicious sites). The majority of visitors to
Upon inspection of the "Employees Performance Report" email, we learned that it is spam. This mail links a webpage supposedly containing a list of employees who will be terminated in the recipient's place of work. This site operates as a phishing webpage targeting email account log-in credentials.
After investigating the "Bank Confirmation" email, we determined that it is spam. This phishing letter aims to deceive recipients into disclosing their account log-in credentials by using a payment-related lure. The spam email with the subject "Payment Confirmation" (may vary) states that