Phoenix Worm is malware written in the Go programming language. It is designed to function as an initial-stage component in an infection chain. Its primary purpose is to quietly infiltrate a system, establish persistence, and prepare the system for the deployment of additional malware later. If
Our analysis has revealed that pointgrowthlab[.]com uses a deceptive technique to trick visitors into following the presented steps. If visitors do so, they allow the site to send notifications to their devices. Once permission is given, pointgrowthlab[.]com can promote scams and other untrustwort
Vile is ransomware that we discovered during an inspection of samples uploaded to VirusTotal. After execution, this ransomware encrypts files and provides a ransom note ("VILE_README.txt"). It also displays a pop-up message and appends the ".vile" extension to files. For instance, it renames "1.jp
We have reviewed the email and found that it is designed to appear as a security notification from the email provider. In reality, this is a scam email that provides a link to a fake website designed to trick visitors into entering personal information. Victims of this scam may lose access to pers
Our team has examined aztcsearch.com and found that it is a fake search engine associated with an unwanted extension called SearchBits. Aztcsearch.com does not generate results and is promoted through a browser hijacker. For these reasons, both aztcsearch.com and SearchBits should not be trusted.
Our inspection has revealed that license-check-av[.]site is a deceptive website that uses clickbait to get permission to deliver notifications. If the site is allowed to do so, it can show fake warnings and similar messages to promote other potentially malicious pages. License-check-av[.]site shou
Lalia is ransomware that we discovered while analyzing malware samples uploaded to VirusTotal. Once a device is infected, Lalia encrypts files and changes their filenames by appending the ".lalia" extension. For example, it renames "1.jpg" to "1.jpg.lalia" and "2.png" to "2.png.lalia". It also pro
We have examined the Shift application and concluded that it is an unwanted application. Its installer is flagged as malicious by multiple security vendors, which indicates that it may gather information or perform other unwanted actions. Installing Shift may lead to privacy and security issues. T
LofyStealer is an information-stealing malware distributed as a fake Minecraft cheating tool named (known as Slinky). It attempts to trick victims into launching the malware by using the official Minecraft icon and presenting itself as a legitimate utility. Once active, LofyStealer can collect sen
BirdCall is malware classified as a backdoor. It targets Android users and is delivered using a compromised gaming platform. It is known that BirdCall was previously used in attacks targeting Windows users. BirdCall is mainly used to steal information and is capable of executing commands. If detec