EndPoint is ransomware from the Babuk family. Our team discovered it during an inspection of malware samples uploaded to VirusTotal. It encrypts files and appends the ".endpoint" extension to them. For instance, it changes "1.jpg" to "1.jpg.endpoint" and "2.png" to "2.png.endpoint". EndPoint also
After inspecting this "Your Chase Banking Has Been Disabled" email, we determined that it is fake. By alerting the recipient that their Chase account was disabled, this email aims to trick them into disclosing their log-in credentials. It must be emphasized that the information in this phishing m
After examining this "Updated Service Terms" email, we determined that it is spam. It alerts recipients of updated terms of service that were not accepted; thus, their email accounts will be deactivated. This message endorses a phishing site targeting email log-in credentials. This spam em
Upon examining this "Quote That Meets Our Requirements" email, we learned that it is spam. This phishing message asks the recipient to provide a quote according to the requirements in the shared document. The promoted fake file transferring website targets email account log-in credentials.
Snapinterruptfilesave[.]com is a rogue page discovered by our research team during a routine investigation of suspicious websites. It operates by promoting dubious content and browser notification spam. Additionally, the webpage can redirect users elsewhere (likely unreliable/malicious) sites. Mo
While analyzing a rogue installer, our researchers discovered the "Klio Verfair Tools" PUA (Potentially Unwanted Application). This app is designed to infiltrate the Legion Loader malware into systems. At the time of research, Klio Verfair Tools was installed together with another PUA called Suma
While investigating new file submissions to the VirusTotal website, our research team discovered the P*zdec ransomware (the asterisk stands for the letter "i", and it will be censored in this manner throughout this article). This malicious program is part of the GlobeImposter ransomware family. O
While investigating new submissions to the VirusTotal platform, we discovered the Louis ransomware. It operates by encrypting files and demanding payment for the decryption. On our test machine, Louis ransomware encrypted files and appended their names with a ".Louis" extension. For example, a fi
Spinefreeads[.]top is a rogue page discovered during a routine investigation session of suspicious websites. Upon inspection, we determined that this webpage promotes browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Most visitors enter pages like
After examining this "Avoid Getting Locked Out" email, we determined that it is spam. This message warns the recipient that they can get locked out of their account if they do not re-authenticate it. The email promotes a phishing website targeting email log-in credentials. This spam email