During our inspection, we came across the finding that PantheraLeo is an unreliable extension distributed via a malicious installer. Once added to a browser, PantheraLeo activates the "Managed by your organization" feature (it can control this setting on Chrome and Edge browsers). Also, PantheraLe
Upon scrutinizing the email, it became evident that it conforms to the characteristics of a common phishing attempt. The scammers orchestrating this scheme seek to deceive recipients by enticing them to click on the provided link, ultimately coercing them into revealing sensitive personal informat
In the process of reviewing the app, it became apparent that Unorthodoxly.app is an advertising-supported app associated with the Pirrit family. Unorthodoxly.app exhibits intrusive advertisements and may gather personal information. Usually, apps like Unorthodoxly.app are distributed using dubio
"New Purchasing Document" is a spam email that promotes a phishing scam. The letter is presented as a notification regarding a file sent to the recipient. This spam mail aims to deceive users into disclosing their email account log-in credentials (passwords). The spam email with the subjec
"AltLayer Token Airdrop" is a scam. It is presented as a cryptocurrency airdrop distributing the ALT Token released by the AltLayer company. However, after a user exposes their digital wallet through the scheme – it starts operating a cryptocurrency drainer. Hence, victims of "AltLayer Token Airdr
Our research team discovered an installation setup containing the Columbiformes browser extension during a routine investigation of suspect sites. This piece of malicious software targets Google Chrome and Microsoft Edge browsers. Columbiformes is capable of modifying the software and collecting b
While investigating suspicious sites, our researchers discovered an installer containing VBMarker. This Potentially Unwanted Application (PUA) likely has harmful capabilities. Software within this classification commonly uses disguises and promises of useful functionalities to lure users into dow
While scrutinizing the application, it was revealed that it cannot be trusted and should be avoided. Fulltimehighpotencyguard[.]info displays deceptive content to trick visitors into believing that their computers are infected and agreeing to receive notifications. Usually, sites like fulltimehigh
After inspecting this "LENA Token Distribution" event, we determined that it is fake. Eligible users will supposedly receive Lena NFTs (Non-Fungible Tokens). However, after a digital wallet is connected to this scheme – it starts operating as a cryptocurrency drainer. The website running "
GoStealer, crafted in the Golang programming language, operates as an information-stealing threat. Once implanted, GoStealer exhibits the ability to covertly extract sensitive data, posing a significant risk to the security and privacy of affected users and organizations. This threat should be rem