VoNiX is one of the ransomware variants belonging to the Xorist family. We discovered VoNiX while inspecting malware samples submitted to VirusTotal. Our investigation revealed that apart from encrypting files, VoNiX changes the desktop wallpaper, displays an error message, and creates the "HOW TO
After conducting an investigation, we have determined that the email in question is a sextortion scam, designed to deceive recipients into thinking that they must pay a specified amount of money to the sender to prevent the release of embarrassing material. We strongly advise recipients to disrega
Rea is ransomware that belongs to the Dharma family. Our malware analysts discovered Rea during an examination of samples submitted to VirusTotal. The main purpose of Rea is to encrypt files and demand ransom in return for their decryption. It displays a pop-up window and creates the "info.txt" fi
After reviewing this email, our team has concluded that it is a fraudulent email intended to deceive recipients into divulging sensitive information or making payments. The scam aims to make recipients believe that they have received a legitimate business proposal. Emails of this kind should be di
Our research team found the cfrsoft[.]com rogue site during a routine investigation of untrustworthy webpages. It is designed to push spam browser notifications and redirect visitors to other (likely untrustworthy/dangerous) websites. Users typically access pages like cfrsoft[.]com through redirec
Buyadvupforgroup[.]com is a rogue page that our researchers discovered while inspecting dubious websites. We found two appearance variants of this webpage. It operates by promoting spam browser notifications and redirecting users to different (likely unreliable/dangerous) sites. Most users access
Our inspection of the "Email Verification Alert" letter revealed that it is spam. The scam email states that due to declined upgrades, the recipient's mailbox cannot process incoming messages. This spam mail aims to trick users into visiting the promoted phishing website. The email with th
After inspecting the "Fill The Sars" email, we determined that it is spam. The letter instructs to fill out the attached form, which is actually a phishing file that targets recipients' email account log-in credentials. The spam email with the subject "PAYMENT NOTIFICATION FROM SARS" (may
After examining the "EMAIL ACCOUNT SHUTDOWN REQUEST" email, we determined that it is spam designed to operate as a phishing scam. This fake letter states that the recipient's mail account will be deactivated as per their request, but the process can be stopped if appropriate action is taken. The
Our research team discovered the newcaptchahere[.]top rogue page while investigating dubious websites. It is designed to promote browser notification spam and redirect users to other (likely unreliable/hazardous) sites. Most visitors to pages like newcaptchahere[.]top access them via redirects ca