While investigating web pages associated with suspicious advertising networks, our team encountered fadszone[.]com. Upon analysis, we have determined that fadszone[.]com engages in a deceptive practice by utilizing a clickbait technique to deceive visitors into subscribing to its notifications. It
NURRI is ransomware our malware researchers discovered while inspecting samples on the VirusTotal page. We found that NURRI is part of the Phobos family. It encrypts files, appends the ".NURRI" extension to filenames (along with the victim's ID and nury_espitia@tuta.io email address), and provides
Not-robot[.]top is a rogue webpage that is designed to promote spam browser notifications and redirect users to other (likely unreliable/harmful) sites. Most visitors to this and similar pages access them via redirects caused by websites using rogue advertising networks. Our research team discove
Our inspection of the "MailBox Warning" email revealed that it is fake. This spam letter falsely claims that irregular activity was detected on the recipient's email account. The goal of this phishing mail is to trick recipients into disclosing their account credentials. The email with the
After reviewing the "Account Status At Risk" email, we determined that it is spam. By making false claims that the recipient's email account will be suspended, it aims to trick them into providing their log-in credentials to a phishing website. The spam email with the subject "Take steps t
After investigating the "Microsoft Outlook Account Will Be Disconnected" letter, we determined that it is a phishing email targeting log-in credentials. The recipient is warned that due to unresolved issues, their Microsoft Outlook account will be deactivated. However, this is a ploy to trick them
CustomerLoader is a malicious program designed to cause chain infections. In other words, it loads additional malicious components and programs onto compromised devices. All known CustomerLoader infections relied on the DotRunpeX injector trojan to infiltrate the final payload. Over forty malware
While examining this email, our team determined that it is a fraudulent phishing attempt. The email is crafted by scammers who falsely claim to represent Zelis, a genuine company operating in the healthcare technology sector. The intention of these scammers is to deceive recipients into divulging
While examining malware samples on VirusTotal site, our team discovered a ransomware variant named Available_for_trial. The purpose of Available_for_trial is to encrypt data. In addition to encrypting files, Available_for_trial renames files and creates a ransom note ("how_to_decrypt.hta"). Avail
Lucky is the name of a ransomware-type program that our researchers discovered during a routine inspection of new submissions to the VirusTotal website. This malicious program is part of the Phobos ransomware family. On our test machine, Lucky encrypted files and altered their filenames. Original