While investigating new malware submissions to VirusTotal, our research team discovered another malicious program belonging to the Phobos ransomware family - called Fopra. We executed a sample of Fopra on our test machine, and it encrypted files and altered their titles. Original filenames were a
Moisha is a ransomware-type program designed to encrypt victims' data, delete Volume Shadow Copies, and demand payment for the decryption tools. Typically, ransomware appends the filenames of encrypted files with an extension; however, after releasing a sample of Moisha on our test system - we le
After inspecting the "Your Password Is Set To Expire" email, we determined that it is spam. The letter claims that recipients' email account passwords will expire in two days and urges them to prevent it by logging in through the promoted site. It must be emphasized that this is a phishing scam;
Our research team discovered the GetItDark browser extension while inspecting deceptive software promoting webpages. This piece of software promises to create a dark mode for simple design websites. However, our analysis of this rogue extension revealed that it operates as adware instead.
"Adobe Reader File email scam" refers to spam campaigns that proliferate PDF documents containing links to phishing websites. After inspecting a fake "Focke & Co" letter with the subject "Bill of landing", we determined that it is an instance of the "Adobe Reader File email scam". This letter
Our inspection of the "I Know That You Cheat On Your Partner" email revealed that it is spam, which operates as a variation of the sextortion scam. The scammers behind this spam campaign claim to have proof of the recipients' infidelity and threaten to leak it - unless they pay a ransom. It must
While inspecting dubious software promoting websites, our researchers discovered one endorsing the Baro box browser extension. Our analysis of this extension revealed that it operates as a browser hijacker - changes browser settings to cause redirects to the barosearch.com fake search engine. Baro
Our researchers discovered the takeekatthree[.]xyz rogue page during a routine investigation into untrustworthy websites. This webpage promotes online scams, pushes spam browser notifications, and redirects visitors' to different (likely unreliable/dangerous) sites. Users typically enter takeekat
While inspecting questionable software-promoting websites, our research team discovered Images downloader. This rogue browser extension promises to improve and simplify image downloading. However, our analysis revealed that Images downloader operates as adware instead. It is pertinent to m
VantageAdvisor is a piece of rogue software that our research team discovered while looking through new submissions to VirusTotal. It is yet another adware-type app belonging to the AdLoad malware family. Adware stands for advertising-supported software. It is designed to run intrusive a