After examining the "Your E-mail Will Be Closed" spam letter, we determined that it is malspam. This fake message claims that the recipient's email account will be terminated unless it is updated. The goal is to lure the recipient into opening the malicious attachment, which is designed to infect
Our analysis uncovered that goghoordsurvey[.]top is an unreliable website involved in a survey scam. Also, this website attempts to prompt users to enable notifications and redirects them to other shady websites. It is crucial to emphasize that users do not deliberately visit sites like goghoordsu
Our researchers discovered the ComplexPortal application while inspecting new submissions to the VirusTotal website. After investigating this app, it operates as advertising-supported software (adware). ComplexPortal is part of the AdLoad malware family. Adware is designed to generate re
ThirdEye is the name of an information stealer targeting Windows users. Although this malware is not classified as highly advanced, its primary objective is to extract sensitive information from compromised systems. The stolen data can serve as a foundation for subsequent cyber attacks. Th
DARKKUR is the name of a ransomware-type program. Malware within this category is designed to encrypt data and demand payment for its decryption. DARKKUR appends the filenames of encrypted files with a unique ID assigned to the victim, the cyber criminals' email address, and an extension. The ext
PindOS is a malware written in JavaScript. It is designed to cause chain infections and has been observed being used to infiltrate Bumblebee and IcedID malicious programs into compromised systems. There is tenuous evidence suggesting that the threat actors behind PindOS malware are Russian.
While checking out questionable sites, our researchers discovered the captchawave[.]top rogue webpage. Its goal is to deceive visitors into permitting it to deliver browser notification spam. Additionally, this page can cause redirects to other (likely untrustworthy/dangerous) websites. Most visi
NetworkImagine is a rogue app that we discovered while investigating new submissions to VirusTotal. Our examination of this application revealed that it operates as adware and that it is part of the AdLoad malware family. Adware stands for advertising-supported software. It operates by d
Easylifescan[.]com is the address of a rogue webpage designed to promote online scams and spam browser notifications. At the time of research, it ran the "You've visited illegal infected website" scam. Additionally, this page can redirect users to different (likely unreliable/dangerous) sites. Mo
We have examined arrowtoldilim[.]com and found that the purpose of this page is to deceive visitors into allowing it to send notifications. Arrowtoldilim[.]com aims to achieve that by displaying a deceptive message and other elements. Additionally, arrowtoldilim[.]com redirects users to similar we