Winner is the name of a ransomware-type program. It is part of the VoidCrypt ransomware family. This malware operates by encrypting data and demanding payment for the decryption. After we executed a sample of Winner on our test machine, it encrypted files and modified their filenames. Original ti
We have inspected this email and determined that it is a phishing scam. It is disguised as a letter from Microsoft regarding a server scan. Scammers behind this email attempt to trick recipients into providing personal information. It should be ignored (marked as spam and deleted). This em
We have analyzed validitysupport[.]com and found that this page is running the "McAfee - Your PC is infected with 5 viruses!" scam. Also, it wants to show shady notifications. None of the messages displayed by validitysupport[.]com are real. Validitysupport[.]com is a deceptive page that should be
Hook (also known as Hookbot) is a banking malware targeting Android users. Hook allows cybercriminals to remotely interact with the infected device's screen, exfiltrate files, steal seed phrases from cryptocurrency wallets, perform overlay attacks, and more. Hook malware should be removed from inf
Our inspection of the "Mail Delivery Failed" email revealed that it is spam operating as a phishing scam. This letter aims to extract recipients' email account log-in credentials through false claims regarding messages that have failed to reach the inbox. The scam email with the subject "N
We have inspected this email and found that it is a phishing email sent by scammers who attempt to trick recipients into providing sensitive information. It urges recipients to validate their cryptocurrency wallets via the provided website - a fake page requesting to enter login information.
While examining malware samples submitted to VirusTotal, we discovered a new Nitro ransomware variant dubbed Bozewerkers. This variant encrypts data and appends the ".givemenitro" extension to filenames. Also, Bozewerkers changes the desktop wallpaper and displays a ransom note. An example of how
Trackedpcscanner[.]com is the URL of a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by running scams and promoting spam browser notifications. Additionally, this webpage can redirect visitors elsewhere (likely unreliable/dangerous sites). M
While checking out dubious webpages, our researchers discovered the guardpcsyst[.]online rogue page. It is designed to promote scams and browser notification spam. Furthermore, guardpcsyst[.]online can redirect visitors to different (likely untrustworthy/malicious) websites. Users typically acces
The "Dormant Account" email is spam. It is presented as a letter from a bank auditing director regarding a dormant account of a late customer. The email suggests splitting the millions within it between the sender and recipient. It must be emphasized that all the claims made by the "Dormant Accou