In the course of our inspection of malware samples on VirusTotal, we came across a variant of Lapsus$ Group ransomware dubbed LAPSUS$ (ZZART3XX). LAPSUS$ encrypts data and appends the ".EzByZZART3XX" extension to filenames. Additionally, LAPSUS$ provides a ransom note ("Open.txt") and changes the
Our research team found the ExploreFast app while reviewing new file submissions to the VirusTotal site. After analyzing ExploreFast, we determined that it is advertising-supported software (adware). Additionally, we learned that this application is part of the AdLoad malware family. Adw
Our researchers discovered the fundatingquest[.]fun page during a routine investigation of untrustworthy websites. Upon inspection, we determined that this rogue webpage promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. The majority of visitors t
Our researchers discovered InitialEngine during a routine inspection of file submissions to the VirusTotal platform. After examining this piece of software, we learned that it is adware from the AdLoad malware family. InitialEngine is designed to display ads and may possess other harmful capabil
While reviewing file submissions to the VirusTotal platform, our research team discovered an advertising-supported software called VisualFlexibility. This application is part of the AdLoad malware family. VisualFlexibility adware is designed to deliver intrusive advertisement campaigns.
After inspecting the "Order List" email, we determined that it is malspam. This malicious spam email claims to have an order list attached to it. If a recipient is lured into clicking the bogus attachment, they download the Agent Tesla RAT's executable. This RAT (Remote Access Trojan) is a piece o
This "Blast Airdrop" is fake. When users attempt to participate in this airdrop (giveaway), they trigger a cryptocurrency-draining mechanism that empties their wallets of funds. This scam promises to distribute the Blast (BLAST) cryptocurrency. Users are instructed to connect their cryptow
Our analysis of the email identified it as a fake notification posing as a letter from WeTransfer, a Dutch internet-based file transfer service company. The email is designed to deceive recipients into divulging personal information, a tactic commonly known as phishing. Emails of this kind should
When examining magmaheartforger[.]top, it was noted that the page uses deceptive methods to trick visitors into allowing it to show notifications. There are at least two versions of magmaheartforger[.], both created for the same purpose. Also, magmaheartforger[.]top may redirect to other unreliabl
Rage (also known as RageStealer, xStealer) is an information-stealing malware. This stealer was previously known as Priv8 until its rebrand – Rage – resurfaced in the summer of 2023. This malicious program is designed to exfiltrate data, predominantly log-in credentials (usernames/passwords).