The “Leave Request Form” email is part of a phishing campaign that tries to phish users’ email login credentials. The email is disguised as a message from the HR department, supposedly sending recipients the leave request form for June 2025. This phishing campaign is sent on a massive scale to random users in the hopes that someone is expecting a…
PUA:Win32/PiriformBundler is the detection name used by anti-virus programs like Microsoft Defender to detect potentially unwanted programs (PUPs) developed by Piriform Software. Programs detected using this detection name are not necessarily malicious, but they have features that many anti-virus programs consider unwanted. Specifically, the programs’ use of software bundling is what makes them problematic. What’s more, many of the programs…
The “Account Password Is Old” email is part of a phishing campaign that targets users’ email login credentials. The email is disguised as a notification from the email service provider, supposedly informing users that their passwords are about to expire. The email asks that users use the provided link to either update or keep their current password before it expires.…
squetofer.com is a misleading site and aims to deceive users into enabling advertisements on their desktops. When you visit the site, you’ll see a browser alert saying “squetofer.com wants to show notifications”. This site exploits a legitimate browsing feature that allows notifications to be displayed on users’ desktops. If you click “Allow”, you grant squetofer.com permission to show notifications on…
“Pi Network Airdrop” crypto scam refers to fake websites that imitate the legitimate Pi Network Airdrop (minepi.com) website to phish users’ cryptocurrency wallet login credentials. The scam is hosted on sites like 2pidays.net and 2pidays.us, and these sites are designed to look like the legitimate minepi.com site. The scam sites promote fake airdrops. If users interact with the scam sites,…
Win.MxResIcn.Heur.Gen is a detection name used by the MaxSecure anti-virus program. There has recently been an influx of posts on various forums about MaxSecure detecting legitimate programs (e.g., Brave browser) as Win.MxResIcn.Heur.Gen. The detection is a heuristic, meaning MaxSecure considers the detected item to be behaving in a way that resembles malware. Heuristic detections do not necessarily mean malware. Users seem to…
Trojan:Win32/Znyonm is a detection name used to identify backdoor malware like Pikabot, Remcos RAT, and GuLoader. Backdoor malware is a type of infection that stays dormant on a device until it’s commanded to download another malicious payload. If no security software is installed on a device, these trojans can stay unnoticed as they do not exhibit any obvious signs of…
The “Urgent Security Alert” email is part of a phishing campaign that aims to steal users’ email login credentials. The email is disguised as a notification from the email service provider, supposedly informing users that their passwords will expire and their accounts will be restricted and even permanently deactivated. The email asks that users take immediate steps to maintain the…