Upon investigation of gebehee[.]top, it was observed that the website presents users with a deceptive survey and requests permission to send notifications. Additionally, gebehee[.]top redirects visitors to other questionable websites. As a result, users are strongly advised to refrain from visitin
This "AppleCoin" platform is a scam. It operates as a crypto drainer, i.e., empties the cryptocurrency stored in wallets connected to it. This "AppleCoin" scheme has been observed being endorsed by posts made on the X (more commonly known by its former name – Twitter) social media platform.
PureLand is a stealer-type malware targeting Mac devices. Programs within this classification are designed to steal information from infected systems. PureLand targets cryptocurrency wallets and other sensitive data. This malware has been observed being spread under the guise of a Play-to-Earn
PDFsharp seems to be a tool designed for handling PDF files. Yet, upon thorough examination, it emerges as an unreliable application with an unclear purpose. Additionally, it comes bundled with other dubious apps - it gets installed together with other suspicious elements. Consequently, it is stro
After a review, it has been established that PachycephalosaurusWyomingensis is a shady browser extension distributed via a malicious installer. PachycephalosaurusWyomingensis raises concerns due to its ability to activate the "Managed by your organization" feature in Chrome and Edge browsers, mana
PatchWorkApt is a ransomware variant based on Chaos. It has been discovered while examining malware samples uploaded to VirusTotal. Upon infiltrating a computer, PatchWorkApt encrypts files, appends a string of random characters to filenames, and creates the "look_this.txt" file (a ransom note).
CanisLupusGregoryi was discovered as a dubious application while examining a malicious installer downloaded from an untrustworthy page. This application has the ability to enable the "Managed by your organization" feature in Chrome and Edge browsers, read various data, and manage extensions and th
While investigating new malware submissions to the VirusTotal website, our researchers discovered the 3000USDAA ransomware. This program operates by encrypting data and demanding payment for its decryption. 3000USDAA encrypted files and appended their names with the attackers' email address and a
Upon inspection of the "DHL Agreement Documents" email, we determined that it is spam. This letter is disguised as a notification from DHL Express – the mail service of the DHL logistics company. It claims to contain copies of documentation as an attachment. However, it is a phishing file targetin
Our researchers discovered an installer containing CastaneaSativa during a routine investigation of deceptive sites. Upon analysis, we learned that this malicious extension tracks browsing data and modifies browsers. CastaneaSativa is capable of managing the apps, extensions, themes, and o