After analyzing this email, we determined that it is a sextortion scam threatening to share (disclose) videos of recipients visiting adult websites and their personal information. This email aims to trick recipients into sending a specified amount of Bitcoins to the provided wallet. None of the cl
Cleanyourpcnow[.]com is a rogue webpage that we found while inspecting dubious sites. It runs scams, promotes browser notification spam, and redirects users to other (likely untrustworthy/malicious) webpages. Users typically access such pages through redirects caused by websites using rogue advert
Our researchers discovered yet another app belonging to the AdLoad malware family - named SpaceEnergy - during a routine inspection of new submissions to VirusTotal. This application operates as advertising-supported software (adware), i.e., it delivers intrusive advertisement campaigns. Additio
While inspecting rogue websites, our research team found the shaxon[.]shop deceptive webpage. It is designed to promote scams, and at the time of research, it ran "Hackers are watching you!". By making false claims about the visitor's device being hacked, infected, or at risk - scams of this kin
During a routine inspection of untrustworthy websites, our researchers discovered the updates-center[.]com rogue page. It promotes browser notification spam and redirects visitors to other (likely unreliable/malicious) sites. Most users enter updates-center[.]com and similar webpages via redirects
First researched by Microsoft Threat Intelligence Center (MSTIC) in collaboration with Citizen Lab, DevilsTongue is a piece of multifunctional malicious software written in C and C++ programming languages. MSTIC's findings suggest that DevilsTongue is associated with cyber criminals developing/se
After examining this email, we learned that it is sent by scammers who pretend to be Unicaja - a Spanish savings bank. The whole letter is written in the Spanish language. It contains a website link. Scammers behind this email attempt to trick recipients into opening that link and providing person
Luca (also known as RSStealer) is a piece of malicious software categorized as a stealer. Malware of this kind operates by extracting a wide range of vulnerable data from infected devices. The Luca stealer is written in the Rust programming language. This program's source code was leaked by its d
Our team discovered the StepWarrior application after downloading and testing a fake Adobe Flash Player installer (that installer was downloaded from an unofficial site). We found that the purpose of StepWarrior is to display intrusive advertisements. Thus, we concluded that StepWarrior operates
While examining malware samples submitted to the VirusTotal website, we discovered Nitro22 ransomware - malware that encrypts files to blackmail victims. Also, Nitro22 changes the desktop wallpaper and creates a ransom note (the "#Decryption#.txt" file), and appends the ".nitro" extension to filen