After checking out the "New Shared Documents" email, we determined that it is spam. This letter operates as a phishing scam targeting email account log-in credentials. It does so by claiming that a payment-related document has been shared with the email recipient. As previously mentioned, this em
Downloaderfiles[.]cloud is a rogue webpage that we discovered while investigating suspicious sites. It is designed to promote dubious/harmful software and browser notification spam. Furthermore, downloaderfiles[.]cloud may redirect visitors to other (likely untrustworthy/dangerous) websites. User
While investigating dubious websites, our researchers discovered the pharmaddscompany[.]com rogue page. At the time of research, there were three appearance variants of this webpage – all of which promoted browser notification spam. Additionally, pharmaddscompany[.]com can redirect visitors elsewh
We have examined this email and determined that it is a scam. The scammers behind this letter pretend to be Mrs. Amina Mohammed, Deputy Secretary-General of the United Nations. Their goal is to trick recipients into believing they are eligible for significant monetary compensation. This sc
We found that NewTab Extension is a browser extension that promotes naturenewtabextension.com by hijacking a web browser. Naturenewtabextension.com is a fake search engine that does not provide unique results. Users often unintentionally download and install/add browser hijackers. NewTab E
TgToxic is the name of an Android banking malware. It is a malicious program that seeks to acquire finance-related information. This malware has been active in Southeast Asia as early as July 2022. The initially observed campaigns targeted Taiwanese users and later expanded to Thailand and Indone
Our team has investigated porptogred[.]com and learned that it is an unreliable website that displays a misleading message to trick visitors into agreeing to receive notifications. Visitors often inadvertently access sites like porptogred[.]com. We found porptogred[.]com while inspecting pages tha
While examining malware samples submitted to VirusTotal, we discovered a ransomware variant based on Chaos ransomware dubbed Adrianov. This variant encrypts data, modifies filenames of all encrypted files, changes the desktop wallpaper, and drops the "andrianov.txt" file containing contact, paymen
The PixPirate is a dangerous Android banking Trojan that has the capability to carry out ATS (Automatic Transfer System) attacks. This allows threat actors to automatically transfer funds through the Pix Instant Payment platform, which numerous Brazilian banks use. In addition to launching ATS at
We discovered starvardsee[.]xyz while examining websites that use rogue advertising networks. After analyzing starvardsee[.]xyz, we determined that it displays misleading content to gain permission to show questionable notifications and redirects users to other untrustworthy pages. Starvar