This email is disguised as a letter regarding TurboTax Christmas offers. Cybercriminals use it to deliver Dridex banking malware. Their goal is to trick recipients into opening a malicious attachment. Cybercriminals behind this email claim that recipients can increase their tax refund befo
CoinHelper is a piece of malicious software designed to infect devices with other malware. This program is specifically used to inject systems with cryptocurrency miners. Additionally, CoinHelper is associated with clippers (clipboard replacers). CoinHelper's campaigns are largely focused on Asia
Search.3bamfz.com is the address of a fake search engine promoted through a browser-hijacking application. The app used to promote search.3bamfz.com changes the web browser's settings and adds the "Managed by your organization" feature. Users rarely download and install browser hijackers knowing
AdvancedServices is a piece of rogue software classified as adware. It also has browser hijacker traits. Due to the dubious methods used to distribute apps of this type, they are considered to be PUAs (Potentially Unwanted Applications). Adware enables the placement of third-party graphi
CoreSource generates advertisements and promotes a fake search engine by hijacking a web browser. Most likely, it is distributed using deceptive methods. Thus, it falls into the category of potentially unwanted applications (PUAs). Users often download and install such apps unintentionally.
"Volksbank email scam" is a spam campaign targeting German-speaking users. These emails are disguised as mail from the Volksbanken und Raiffeisenbanken - a real brand of cooperative banks in Germany. The goal of this spam mail is to promote a fake website presented as the genuine site of the afore
"Terra Wallet" refers to a phishing scam promoted on various deceptive websites. This scheme targets Terra (LUNA) cryptocurrency storing wallet credentials. Therefore, users can have their digital wallets stolen by attempting to access their cryptowallets via these scam sites. Cryptocurren
Yqal is ransomware that encrypts files, appends its extension (".yqal") to filenames, and generates a ransom note (the "_readme.txt" file). An example of how Yqal modifies filenames: it renames "1.jpg" to "1.jpg.yqal", "sample.png" to "sample.png.yqal", and so on. Yqal is part of the Djvu ransomwa
Spdate[.]com is a rogue site akin to captcharesolverhere.top, new-updates-service.com, yoursurveyprogram.com, and thousands of others. It is designed to load dubious content and/or redirect visitors to different (likely unreliable or malicious) websites. Rogue pages are typically entered via redi
Part of the MedusaLocker ransomware family, Reads is a malicious program that encrypts data (renders files unusable) and demands ransoms for the decryption. Compromised files are appended with a ".reads" extension, e.g., a file like "1.jpg" would appear as "1.jpg.reads", "2.jpg" as "2.jpg.reads",