Evil Extractor (EvilExtractor) is a tool utilized for stealing sensitive data from users in Europe and the U.S. It is marketed by Kodex, a company that charges $59 per month for its use. Despite being advertised as a legitimate tool, Evil Extractor is predominantly promoted on hacking forums to at
After inspecting the "Blockchain.com - Verify Your Device" email, we determined that it is fake. This spam letter states that a suspicious sign-in has been observed on the recipient's Blockchain.com account and requires them to verify their device. The goal of this scam mail is to extract users' a
VoNiX is one of the ransomware variants belonging to the Xorist family. We discovered VoNiX while inspecting malware samples submitted to VirusTotal. Our investigation revealed that apart from encrypting files, VoNiX changes the desktop wallpaper, displays an error message, and creates the "HOW TO
After conducting an investigation, we have determined that the email in question is a sextortion scam, designed to deceive recipients into thinking that they must pay a specified amount of money to the sender to prevent the release of embarrassing material. We strongly advise recipients to disrega
Rea is ransomware that belongs to the Dharma family. Our malware analysts discovered Rea during an examination of samples submitted to VirusTotal. The main purpose of Rea is to encrypt files and demand ransom in return for their decryption. It displays a pop-up window and creates the "info.txt" fi
After reviewing this email, our team has concluded that it is a fraudulent email intended to deceive recipients into divulging sensitive information or making payments. The scam aims to make recipients believe that they have received a legitimate business proposal. Emails of this kind should be di
Our research team found the cfrsoft[.]com rogue site during a routine investigation of untrustworthy webpages. It is designed to push spam browser notifications and redirect visitors to other (likely untrustworthy/dangerous) websites. Users typically access pages like cfrsoft[.]com through redirec
Buyadvupforgroup[.]com is a rogue page that our researchers discovered while inspecting dubious websites. We found two appearance variants of this webpage. It operates by promoting spam browser notifications and redirecting users to different (likely unreliable/dangerous) sites. Most users access
Our inspection of the "Email Verification Alert" letter revealed that it is spam. The scam email states that due to declined upgrades, the recipient's mailbox cannot process incoming messages. This spam mail aims to trick users into visiting the promoted phishing website. The email with th
After inspecting the "Fill The Sars" email, we determined that it is spam. The letter instructs to fill out the attached form, which is actually a phishing file that targets recipients' email account log-in credentials. The spam email with the subject "PAYMENT NOTIFICATION FROM SARS" (may