3AM (also known as ThreeAM) is ransomware written in Rust programming language. The purpose of 3AM is to encrypt files. After finishing the encryption process, it makes an effort to delete Volume Shadow (VSS) copies. Additionally, 3AM appends the ".threeamtime" extension to the filenames of encryp
Our research team discovered the ElasticPortable app during a routine inspection of new submissions to VirusTotal. After analyzing this application, we learned that it is adware belonging to the AdLoad malware family. This advertising-supported software is designed to generate revenue for its de
Our team discovered the StratusNebulosus browser extension during the analysis of a malicious installer obtained from an unreliable website. We found that StratusNebulosus can perform various actions once added. For instance, it can enable the "Managed by your organization" feature in Chrome brows
While examining a malicious installer, we uncovered NeriumOleander and troubling activities conducted by this browser extension. These actions involved adding the "Managed by your organization" feature to the Chrome browser and accumulating various data. Consequently, individuals who have added Ne
Tremendous Banking Botnet is an Android-specific malware. This malware is highly versatile and has a multitude of capabilities. Some of them include automatic command execution, malicious code injection into apps/processes, keylogging, SMS and call management, etc. High-risk malware like Tremendo
During an investigation of a malicious installer, we stumbled upon BegoniaSemperflorens and its concerning behavior as a browser extension. These activities encompassed the introduction of the "Managed by your organization" feature in the Chrome browser, the collection of diverse data, and the man
Our examination of the "NEW DOCUMENT(S) FOR REVIEW ON CLOUD" email revealed that it is spam. This phishing letter aims to deceive recipients into disclosing their email account log-in credentials by claiming that they were sent sensitive documents. The spam email with the subject "AUTOMATE
After examining the website, our team concluded that it promotes a fraudulent giveaway. Typically, scammers employ websites displaying deceptive pop-up messages or similar content to entice visitors into disclosing sensitive information, sending money, or taking other actions. Consequently, it is
After assessing the Retro Car Cover app, our team learned that its main objective is to operate as a browser hijacker, with the goal of promoting phereugo.com, a fake search engine. This extension modifies browser settings to establish control. To mitigate potential risks, users who have had their
During our investigation of pcbasicessentials[.]com, we identified that the website's primary objective is to deceive visitors into thinking their computers are infected. Additionally, pcbasicessentials[.]com seeks permission to send notifications. It is worth mentioning that users frequently arri