Our researchers discovered InitialEngine during a routine inspection of file submissions to the VirusTotal platform. After examining this piece of software, we learned that it is adware from the AdLoad malware family. InitialEngine is designed to display ads and may possess other harmful capabil
While reviewing file submissions to the VirusTotal platform, our research team discovered an advertising-supported software called VisualFlexibility. This application is part of the AdLoad malware family. VisualFlexibility adware is designed to deliver intrusive advertisement campaigns.
After inspecting the "Order List" email, we determined that it is malspam. This malicious spam email claims to have an order list attached to it. If a recipient is lured into clicking the bogus attachment, they download the Agent Tesla RAT's executable. This RAT (Remote Access Trojan) is a piece o
This "Blast Airdrop" is fake. When users attempt to participate in this airdrop (giveaway), they trigger a cryptocurrency-draining mechanism that empties their wallets of funds. This scam promises to distribute the Blast (BLAST) cryptocurrency. Users are instructed to connect their cryptow
Our analysis of the email identified it as a fake notification posing as a letter from WeTransfer, a Dutch internet-based file transfer service company. The email is designed to deceive recipients into divulging personal information, a tactic commonly known as phishing. Emails of this kind should
When examining magmaheartforger[.]top, it was noted that the page uses deceptive methods to trick visitors into allowing it to show notifications. There are at least two versions of magmaheartforger[.], both created for the same purpose. Also, magmaheartforger[.]top may redirect to other unreliabl
Rage (also known as RageStealer, xStealer) is an information-stealing malware. This stealer was previously known as Priv8 until its rebrand – Rage – resurfaced in the summer of 2023. This malicious program is designed to exfiltrate data, predominantly log-in credentials (usernames/passwords).
During our investigation, we discovered that mobilisearch.com is a fake search engine promoted through malicious browser extensions. Typically, users are compelled to utilize such search engines via a technique known as browser hijacking. Trusting mobilisearch.com or applications created to hijack
During our examination, we discovered that ProcesserCache is an undesirable application classified as adware. Apps like ProcesserCache are designed to display intrusive advertisements and may also collect user information. Consequently, it's advisable to avoid trusting ProcesserCache and similar
In our evaluation of samples uploaded to Virustotal, we discovered the JerryRansom ransomware, which is based on the Chaos ransomware. JerryRansom encrypts files, changes the desktop wallpaper, crates a ransom note (the "Read_me.txt" file), and appends four random characters to filenames. For ins