Upon inspection of the "DHL Agreement Documents" email, we determined that it is spam. This letter is disguised as a notification from DHL Express – the mail service of the DHL logistics company. It claims to contain copies of documentation as an attachment. However, it is a phishing file targetin
Our researchers discovered an installer containing CastaneaSativa during a routine investigation of deceptive sites. Upon analysis, we learned that this malicious extension tracks browsing data and modifies browsers. CastaneaSativa is capable of managing the apps, extensions, themes, and o
"QQL Mint Pass" is a scam that operates as a crypto drainer. This scheme is modeled on the QQL generative art collaborative experiment that is linked to the Archipelago platform. The QQL algorithm allows users who possess a Mint Pass to create (mint) official QQL NFTs (Non-Fungible Tokens) with th
After a thorough examination, the determined outcome is that this appears to be a fraudulent scheme posing as a giveaway (in the form of an airdrop event) supposedly organized by Binance and MetaMask. It has been devised by scammers with the intent of pilfering cryptocurrency from unsuspecting ind
Earthheartsmith[.]top is the address of a rogue webpage discovered by our researchers during a routine inspection of dubious sites. After investigating this page, we determined that it is designed to promote browser notification spam and redirect visitors to other (likely unreliable/harmful) websi
In the process of our assessment, it has surfaced that this is a scam email masquerading as a notification from COETZEE & FISHER ATTORNEYS. Scammers behind this email aim to trick recipients into believing that they can receive a large sum of money. Emails of this kind are used to extract pers
Karsovrop is a malicious program classed as ransomware; it encrypts data and demands ransoms for its decryption. Our research team discovered Karsovrop during a routine investigation of new submissions to the VirusTotal website. This ransomware encrypted files and altered their filenames on our t
In the course of our review of malware samples on VirusTotal, a ransomware variant dubbed Abyss has been discovered. Abyss encrypts data and appends the ".Abyss" extension to filenames. Additionally, this ransomware changes the desktop wallpaper and creates a ransom note ("WhatHappened.txt"). An
It has been determined that Uphasp.app is an advertising-supported application associated with the Pirrit family. This app inundates users with annoying advertisements, and engaging with these ads may redirect users to unreliable pages. Additionally, Uphasp.app may have the capability to collect
Our researchers discovered Appendix.app while reviewing new file submissions to the VirusTotal platform. After analyzing this application, we learned that it is adware belonging to the Pirrit malware family. Appendix.app operates by running intrusive advertisement campaigns. Adware stand