While checking the VirusTotal page for recently submitted malware samples, we discovered an information stealer called PureLogs. Cybercriminals use malware of this type to steal sensitive data that can be monetized in one way or another. Typically, information-stealing malware runs silently in the
Spin2wincash[.]xyz is a rogue webpage that our researchers encountered while investigating suspicious sites. After inspecting this page, we determined that it is designed to promote scams and browser notification spam. It can also redirect visitors to other (likely untrustworthy/harmful) websites.
Our research team discovered the reliabledesktopguard[.]site rogue webpage while inspecting dubious websites. This page promotes scams and browser notifications spam. It is also capable of redirecting visitors to other (likely unreliable/malicious) sites. Reliabledesktopguard[.]site and similar w
After examining nativepcprotocol[.]com, we concluded that it is an untrustworthy website running the "McAfee - Your PC is infected with 5 viruses!" scam. The purpose of this page is to trick visitors into purchasing legitimate antivirus software. In addition to showing deceptive messages, nativepc
MoneyMonger (also known as SpyLoan) is the name of a malicious program that infiltrates systems under the guise of various apps offering quick loan services. This malware uses the Flutter framework to hide its maliciousness and avoid detection. MoneyMonger operates as spyware and data-stealing mal
Bttu is one of the Djvu ransomware variants. It encrypts data and appends the ".bttu" extension to the filenames of encrypted files. Also, Bttu ransomware creates the "_readme.txt" file to provide contact and payment information. An example of how Bttu renames files: it changes "1.jpg" to "1.jpg.b
Our researchers found the EssentialWindow app while inspecting new submissions to VirusTotal. After analyzing this piece of software, we determined that it is adware. EssentialWindow runs intrusive advertisement campaigns and collects private data. This application belongs to the AdLoad malware
We have examined this email and concluded that it is a phishing email written by scammers who promote crypt-related scam websites. Scammers behind it aim to steal cryptocurrency and (or) sensitive information. This email should be marked as spam and deleted. There are at least two variants
While checking out untrustworthy websites, our research team discovered the flintguard[.]top rogue page. It is designed to push browser notification spam and redirect users to different (likely dubious/malicious) websites. Visitors to pages like flintguard[.]top primarily access them via redirects
After inspecting the "Just Finished Sending 300 E-mails" letter, we determined that it is spam. This fake notification informs recipients that their account has been used to send a high volume of emails. The spam letter aims to trick users into providing their email account log-in credentials to a