Our inspection of the "ATM Card" email uncovered that it is spam. The letter claims that the recipient will be sent an ATM card with over three million US dollars on it, and they are asked to provide their personal information for delivery purposes. However, it is possible that this phishing scam
The BellisPerennis browser extension came to our attention when our team analyzed a malicious installer sourced from an untrustworthy website. We identified that BellisPerennis possesses the capability to execute various actions upon adding, including the activation of the "Managed by your organiz
While examining malware samples submitted to VirusTotal, we encountered a ransomware variant known as Oohu. Oohu is specifically crafted to encrypt files and modify their file names by adding the ".oohu" extension. Additionally, Oohu produces a ransom message named "_readme.txt". To provide an ex
PySilon is a Remote Access Trojan (RAT) written in the Python programming language. Malware within this classification enables remote access and control over infected machines. PySilon is a multi-functional program that can execute various commands on systems and has extensive spyware/data-stealin
While analyzing a malicious installer obtained from an untrustworthy website, our team stumbled upon the Fish browser extension. We observed that Fish possesses the capability to execute multiple actions once added. One of its functions includes enabling the "Managed by your organization" feature
DBatLoader, also known as ModiLoader, is a malware variant designed to download and run the ultimate payload of common malware operations, typically information-stealing malware or a remote access tool (RAT) like Remcos, Warzone, FormBook, or AgentTesla. DBatLoader distribution campaigns are ofte
Burntcigar is a piece of malware that cybercriminals frequently employ in ransomware attacks, specifically with the Cuba ransomware variant. Burntcigar scans for process names that appear to be associated with well-known antivirus (AV) or endpoint detection and response (EDR) products. It then inc
Our researchers discovered the malware-remover[.]online rogue page while inspecting suspicious websites. It operates by running scams and promoting spam browser notifications. This webpage can also redirect users to different (likely dubious/malicious) sites. Most visitors to malware-remover[.]on
During a routine investigation of unreliable websites, our research team discovered the One Click Pic browser extension. It is promoted as a tool that allows users to easily download images from sites (i.e., one-click download of all images depicted on a webpage). However, after inspecting this p
Pclifebasics[.]com is the address of a rogue site promoting scams and browser notification spam. This webpage can also redirect visitors to other (likely unreliable/harmful) sites. Most users access pclifebasics[.]com and pages akin to it via redirects generated by websites utilizing rogue advert