After inspecting the "Missed Call" email, we determined that it is spam operating as a phishing scam. This mail promotes a phishing website that requests visitors to sign in with their email accounts. Hence, by trusting this fake letter - users can lose their email accounts and the content connect
Our team tested the Video Player Pro browser extension and learned that it shows annoying advertisements. Also, it can manage downloads and read and change data on all websites. Apps that generate ads are called adware (advertising-supported software). Users rarely install adware on purpose.
Gqlmcwnhh is ransomware (a ransomware variant from the Snatch family). It encrypts data, appends ".gqlmcwnhh" extension to filenames, and drops the "HOW TO RESTORE YOUR FILES.TXT" file (a ransom note). Our malware researchers discovered Gqlmcwnhh while examining samples submitted to VirusTotal. A
While investigating malware samples submitted to VirusTotal, our team discovered an information stealer called Titan. Malware of this type gathers sensitive data from the infected system and sends it to the attacker. Typically, cybercriminals behind information stealers are financially motivated.
While checking out deceptive websites, our researchers discovered the Tab Session browser extension. It is presented as a productivity improvement tool that promises easy access and navigation on browsers. However, Tab Session operates as adware. This browser extension runs intrusive ad campaigns
XStealer is a piece of malicious software designed to steal data. This stealer malware can exfiltrate browsing and user information. Therefore, XStealer infections endanger victims' privacy and safety. XStealer, like many stealers, begins its operation by gathering relevant device data (e.
While reviewing new submissions to VirusTotal, our research team found the Cipher ransomware. This malicious program is part of the MedusaLocker ransomware family. After a sample of Cipher was executed on our testing system, it began encrypting files and appended their names with a ".cipher" exte
While investigating reportyouridentity[.]site, we found that it is a deceptive page designed to trick visitors into believing that their computers are infected. Also, reportyouridentity[.]site asks for permission to show notifications. Our team discovered reportyouridentity[.]site while inspecting
Our analysis of the "DHL Shipping Document/Invoice Receipt" email revealed that it is fake. This spam letter is presented as a notification from DHL - a legitimate logistics, courier, delivery, and express mail company. This mail attempts to trick recipients into disclosing their email account log
TONEINS is the name of a backdoor malware. This software is designed to open a "backdoor" for additional malicious components or programs into compromised systems. TONEINS, alongside TONESHELL and PUBLOAD, have been observed being distributed in cyberespionage campaigns particularly active in Asi