PAKLOG is a type of malware called a keylogger. It tracks what the victim types on their keyboard and monitors what they copy to the clipboard. It collects and saves this information in a file on the infected computer. However, PAKLOG cannot send the data to cybercriminals directly, which means th
We have inspected rectionip.co[.]in and discovered that it is one of the many deceptive websites designed to trick visitors into allowing them to show notifications. Once permission is granted, rectionip.co[.]in bombards users with notifications containing fake warnings and other misleading messag
Our inspection of the "Shared-File Attachments" email revealed it to be spam. This message claims that the recipient has been sent remittance advice in a password-protected file. This spam mail aims to trick recipients into disclosing their email account log-in credentials to a phishing site.
While investigating untrustworthy websites, our research team discovered this fake "Multipli ($MULTI) Registration" site. It impersonates Multipli (multipli.fi), yet the scam bears no association with this platform. The imitator webpage promotes a cryptocurrency drainer that steals digital assets
After examining this "Quote For Delivery Price And Time" email, we learned that it is spam. This is a phishing email that targets recipients' account log-in credentials (passwords) through an RfQ (Request for Quotation) themed lure. The spam email with the subject "Request for Quotation: U
Gunra is the name of a ransomware-type program. This piece of malicious software operates by encrypting data and demanding ransoms for the decryption. On our test machine, Gunra encrypted files and appended their names with a ".ENCRT" extension. For example, an original filename such as "1.jpg" a
Our analysis of levelupconnection.co[.]in has shown that it is a deceptive website. It uses clickbait to obtain permission to send notifications. Notifications from levelupconnection.co[.]in include fake warnings and other misleading content. Users should avoid granting permission to show notifica
SuperCard X is a mobile malware targeting Android users. It is offered to cyber criminals through a Malware-as-a-Service (MaaS) model. The attackers focus on customers of banks and credit card companies, with the goal of stealing their payment card information. Victims of SuperCard X are strongly
Our research team discovered the livecubewordopiafile[.]monster rogue page during a routine inspection of suspect websites. Upon examination, we learned that this webpage endorses dubious software and browser notification spam. It also redirects users to other (likely unreliable/hazardous) sites.
Our researchers discovered the Tasjoc Tools Quato app while inspecting dubious websites. Upon analysis, we determined that this piece of software is a PUA (Potentially Unwanted Application). It is a dropper for the Legion Loader malware. It is worth mentioning that installers like the one carrying