Rhysida is the name of a ransomware-type program. It is designed to encrypt data and demand payment for its decryption. On our testing machine, Rhysida encrypted files and appended their filenames with a ".rhysida" extension. To elaborate, a file originally named "1.jpg" appeared as "1.jpg.rhysid
After inspecting this "Moldindconbank" email, we determined that it is fake. This letter targets clients of the Moldindconbank Moldovan bank. The spam email states that the recipient's card has been suspended due to suspicious activity. To rectify this issue, the recipient is to conclude a verific
While inspecting new submissions to VirusTotal, our researchers found the Havoc ransomware. Malware of this kind is designed to encrypt data and demand payment for its decryption. On our test machine, Havoc encrypted files and altered their filenames. Original titles were appended with the attack
Upon careful analysis of this email, our team has concluded that it is an instance of phishing. The email is designed to deceive recipients by posing as a communication from an email service provider, specifically impersonating Webmail. The primary goal of scammers is to trick unsuspecting individ
Tunnelbuilder[.]top is a deceptive website designed to trick visitors into subscribing to its notifications. Also, tunnelbuilder[.]top redirects users to similar pages. Users rarely intentionally open such pages. Our team encountered tunnelbuilder[.]top while investigating websites that use dishon
Atlas is the name of a clipper-type malware. Malicious programs categorized as such are designed to replace content copied into the clipboard. Atlas detects whenever a victim copies a cryptocurrency wallet address and replaces it – thus rerouting outgoing transactions. Atlas is capable of
Our researchers discovered the gadscare.com rogue page while investigating suspect sites. This webpage is designed to promote browser notification spam and redirect visitors elsewhere (likely unreliable/harmful sites). Users primarily enter such pages via redirects generated by websites using rogu
Based on our investigation, it has been confirmed that this email has been falsified by individuals intending to engage in malicious activities. The main goal of these scammers is to trick recipients into sharing confidential information via a fraudulent page. Such pages are referred to as phishin
Tnwkgbvl is ransomware that our team discovered while examining malware samples submitted to VirusTotal. We found that Tnwkgbvl belongs to the Snatch ransomware family. The purpose of Tnwkgbvl is to make files inaccessible by encrypting them. Also, Tnwkgbvl creates a ransom note ("HOW TO RESTORE Y
Targeting macOS users, ShadowVault is an information-stealing malware. Its creators market and sell it on a hacker forum at a price of $500 per month. This malicious software is capable of extracting sensitive data from web browsers, files stored on compromised computers, as well as data from cr