Our analysis shows that Lord is ransomware that encrypts files, appends the victim's ID, an email address, and the ".rmg" extension to files, changes the desktop wallpaper, and provides a ransom note ("#HowToRecover.txt"). We discovered Lord while inspecting samples uploaded to VirusTotal. Additio
We checked spanlinkhub[.]com and found that it utilizes clickbait to get visitors to allow its notifications. If someone accepts, the site can flood them with fake alerts and other misleading, annoying messages. It is advisable to avoid spanlinkhub[.]com and never agree to receive notifications fr
We have examined the email and concluded that it is a phishing attempt posing as a message regarding an "outgoing payment/payment confirmation". It is crafted to trick recipients into clicking the provided link and entering personal information on a fake web page. This email should be ignored.
After reviewing this "Wix Subscription Expiration" email, we determined that it is spam. This message alerts the recipient that their Wix.com subscription will expire in a couple of days, and they must update their payment details to avoid service interruptions. This spam mail is a phishing scam
After inspecting this "Verify Mail Delivery Settings" email, we determined that it is spam. It alerts the recipient that their email delivery service may have been affected by a configuration error. This phishing message aims to deceive recipients into revealing their account log-in credentials (p
Zeo is a ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. This program is part of the Dharma ransomware family. Zeo encrypts data and demands payment for its decryption. On our test machine, this ransomware encrypted files and appe
Our team has inspected the website (uscr[.]lat) and found that it promotes a fake cryptocurrency airdrop, supposedly launched by the United States Crypto Reserve. Its purpose is to trick visitors into believing that they can receive cryptocurrency. Falling for this scam can result in the theft of
Stempendemis.co[.]in is a rogue webpage discovered by our research team during a routine inspection of untrustworthy sites. After examining this page, we determined that it promotes spam browser notifications and redirects users to other (likely unreliable/dangerous) websites. The majority of vis
While browsing suspicious sites, our research team found the rvioi.co[.]in rogue webpage. It is designed to endorse browser notification spam and redirect visitors to different (likely dubious/harmful) websites. Most users access rvioi.co[.]in and similar pages via redirects produced by sites util
Our examination of this "Security Info Replacement" email revealed that it is spam. The message instructs the recipient to renew their account security information. This spam campaign aims to trick victims into disclosing their email account log-in credentials to a phishing website. The sp