Our inspection of the "Incoming Mails Have Been Restricted" email revealed that it is spam. It operates as a phishing scam and targets recipients' email account log-in credentials. This fake email claims that messages failed to reach the recipient's inbox and that the account will be deactivated –
After inspecting the "Company Contact" email, we determined that it is malspam. This fake business-related email contains a malicious attachment. The file distributed through this spam mail is designed to infect recipients' devices with the FormBook malware. The spam email with the subject
After inspecting the email, we have confirmed that it is a phishing scam disguised as a letter regarding some important inquiry. The scammers aim to deceive the recipients into giving away their personal information. Therefore, we recommend marking the email as spam and deleting it. The em
Our team has inspected searchessuggestions.com and found that it is a shady search engine that may lead to untrustworthy pages. It is important to note that search engines of this kind usually are promoted through apps that modify the settings of web browsers, known as browser hijackers. S
While testing the Clipbox Tab application, we learned that this browser extension functions as a browser hijacker. The purpose of this browser-hijacking app is to promote two fake search engines: find.asrcgetit.com and clipboxtab.com. Clipbox Tab hijacks a browser by altering its settings.
While inspecting new submissions to VirusTotal, our researchers discovered the Reopen ransomware-type program. We also determined that Reopen is part of the VoidCrypt ransomware family. Malware within this classification is designed to encrypt data and demand ransoms for its decryption. After we
We examined this email and uncovered that the sender disguised it as a letter from Atlantis Translogistik, a freight forwarding service company in North Jakarta. Additionally, the email includes two harmful attachments used to distribute malware. Therefore, recipients are advised to ignore the ema
Goba is a ransomware variant that utilizes encryption to lock files, and as part of its process, it adds the ".goba" extension to the filenames of all encrypted files. This malware also creates a ransom note, which is saved as "_readme.txt". Goba is part of the Djvu ransomware family and may be di
During our analysis of malware samples submitted to VirusTotal, we came across Goaq, a ransomware belonging to the Djvu family. Goaq encrypts files and adds the ".goaq" extension to the filenames of encrypted files. It also creates a text file called "_readme.txt" that contains a ransom note. As
Gosw is a type of ransomware that is part of the Djvu family. When Gosw infects a system, it encrypts files and appends the ".gosw" extension to the file names. It also creates a ransom note in the form of a "_readme.txt" file. Our researchers identified Gosw during an analysis of malware samples