Pcworksscanner[.]com is a shady website that displays fake/deceptive messages to trick visitors into believing that their computers are infected. It runs the "McAfee - Your PC is infected with 5 viruses!" scam. Also, pcworksscanner[.]com asks for permission to show notifications. Our team discover
During a routine inspection of suspicious websites, our researchers found one promoting the Audio Finder browser extension. It is presented as a tool capable of detecting the source of audio on any webpage and then making it available for download. However, our inspection of this extension reveale
While checking the VirusTotal page for recently submitted malware samples, we discovered an information stealer called PureLogs. Cybercriminals use malware of this type to steal sensitive data that can be monetized in one way or another. Typically, information-stealing malware runs silently in the
Spin2wincash[.]xyz is a rogue webpage that our researchers encountered while investigating suspicious sites. After inspecting this page, we determined that it is designed to promote scams and browser notification spam. It can also redirect visitors to other (likely untrustworthy/harmful) websites.
Our research team discovered the reliabledesktopguard[.]site rogue webpage while inspecting dubious websites. This page promotes scams and browser notifications spam. It is also capable of redirecting visitors to other (likely unreliable/malicious) sites. Reliabledesktopguard[.]site and similar w
After examining nativepcprotocol[.]com, we concluded that it is an untrustworthy website running the "McAfee - Your PC is infected with 5 viruses!" scam. The purpose of this page is to trick visitors into purchasing legitimate antivirus software. In addition to showing deceptive messages, nativepc
MoneyMonger (also known as SpyLoan) is the name of a malicious program that infiltrates systems under the guise of various apps offering quick loan services. This malware uses the Flutter framework to hide its maliciousness and avoid detection. MoneyMonger operates as spyware and data-stealing mal
Bttu is one of the Djvu ransomware variants. It encrypts data and appends the ".bttu" extension to the filenames of encrypted files. Also, Bttu ransomware creates the "_readme.txt" file to provide contact and payment information. An example of how Bttu renames files: it changes "1.jpg" to "1.jpg.b
Our researchers found the EssentialWindow app while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware. EssentialWindow runs intrusive advertisement campaigns and collects private data. This application belongs to the AdLoad malware
We have examined this email and concluded that it is a phishing email written by scammers who promote crypt-related scam websites. Scammers behind it aim to steal cryptocurrency and (or) sensitive information. This email should be marked as spam and deleted. There are at least two variants