PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in JANUARY 2024:
30/01/2024 =>
EuroPages
30/01/2024 =>
Mooney
27/01/2024 =>
BRT
25/01/2024 =>
Istituto Bancario (Bank)
24/01/2024 =>
Aruba - Fattura scaduta (Expired invoice)
18/01/2024 =>
Smishing UniCredit
17/01/2024 =>
Smishing Istituto di Credito (Bank)
13/01/2023 =>
Account Posta Elettronica (Email Account)
11/01/2024 =>
Account di Posta Elettronica
10/01/2024 =>
Trenitalia
09/01/2024 =>
Aruba - Fattura non pagata (Unpaid invoice)
09/01/2024 =>
Account Posta Elettronica (Email Account)
08/01/2024 =>
MetaMask
09/01/2024 =>
Mooney
07/01/2024 =>
Mooney
01/01/2024 =>
Aruba - fattura non pagata (Unpaid invoice)
These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible easily imaginable consequences.
30 January 2024 ==> Phishing EuroPages
«SUBJECT: <Leonardo Rossi ti ha inviato un messaggio di richiesta riguardante il tuo prodotto> (Leonardo Rossi sent you a request message concerning your product)
We find again this month the following phishing attempt, that appears as a
EuroPages communication, and aims to steal the login credentials of the victim's account.
The message, supposedly from
EuroPages, the largest international B2B sourcing platform, notifies the user that a message about his product, listed on EuroPages, has arrived from a certain "Leonardo Rossi". It then invites him to log into his/her account to view the request message, via the following link:
ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT)
Analyzing the email, we notice that the message comes from an email address not traceable to the official
EuroPages' domain <
maisano(at)gruppocracco(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious..
Anyone who unluckily clicks on the link
ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT), will be redirected to an anomalous WEB page, which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for malicious purposes.
30 January 2024 ==> Phishing Mooney
SUBJECT: < Nuovo aggiornamento > (New Update)
Below we analyze the following phishing attempt that comes as a false communication from Mooney, the Italian Proximity Banking & Payments company.
The message informs the recipient that he needs to update his information.
It then invites him to update his/her profile by following the security steps through the following link:
Aggiornamenti (Updates)
This time the phishing campaign simulates a communication allegedly from the Italian online payment company Moone, which is clearly unrelated to the mass sending of these emails that are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the text of the message, we notice right away that the alert message comes from an e-mail address that could be misleading, but is not traceable to Moone's domain <noreply32425(at)mooney(dot)it>, although the cybercriminal had the foresight to include the company's logo. Let's always be very careful before clicking on suspicious links.
Anyone who unluckily clicks on the link
Aggiornamenti (Updates) will be redirected to an anomalous WEB page, which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for malicious purposes.
27 January 2024 ==> Phishing BRT
«SUBJECT
< Il tuo pacco non può essere consegnato 63AUIT66001 > (Your package cannot be delivered 63AUIT66001)
Below is a new phishing attempt, hiding behind a false communication from
BRT's service, concerning the delivery of a supposed package.
The message notifies the unsuspecting recipient that his/her shipment is pending due to unpaid additional customs fees. It then informs him that in order to receive the package, he must pay the customs fees of 2.28 euros. These messages are increasingly used to commit fraud against consumers who more and more use e-commerce for their purchases.
The following link is provided to complete the payment:
Conferma il pagamento (Confirm the payment)
The alert email comes from an email address that is unrelated to
BRT's domain <iubenda(at)magmalab(dot)eu>, this is definitely abnormal and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link will be redirected to an anomalous WEB page, which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for malicious purposes.
25 January 2024 ==> Phishing Istituto Bancario (Bank)
SUBJECT:
<Importante > (Important)
We analyze below another phishing attempt, coming through an e-mail that, exploiting the well-known name of a national banking institution, try to pass themselves off as an official communication, to induce the unsuspecting recipient to insert his/her data. In this way the victim falls into a social engineering trap.
The message informs the unsuspecting recipient that, because of a security adjustment procedure of its security systems - in compliance with the European Directive on online payment transactions - in order to continue operating on banking channels, his profile needs to be updated.
To proceed with the profile update, users are asked to confirm the personal information provided on the Banking Institution's website at the time of registration and to confirm their identity, via the following link:
Avvia la verifica >> (Start verification).
We can see from the outset that the alert message comes from an e-mail address <alfred(at)qhb(dot)t9iba(dot)info> that is very suspicious. Moreover the text, unlike official communications of this kind, is extremely poor and generic.
The purpose is to lead the victim to click on the link in order to continue using his account, exploiting the urgency of the communication.
Anyone who unluckily clicks on the link will be redirected to an anomalous WEB page, which is unrelated to the official website of the well-known banking institution, but which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
Considering the above, we urge you to pay close attention to any misleading details, reminding you that any Banking Institution, including the one in the present case, is clearly unrelated to the massive sending of these phishing campaigns. We also urge you, in case of doubt, to check the bank’s official website, which has repeatedly reported attempted scams exploiting its brand.
24 January 2024 ==> Phishing Aruba - Fattura scaduta (Expired invoice)
SUBJECT:
<Aruba.it - Avviso di Fattura Scaduta 24/01/2024> (Aruba.it - Expired Invoice Notice 24/01/2024)
Phishing attempts, pretending to be communications from
Aruba brand, continue.
The message informs the recipient that his domain hosted on
Aruba, linked to his e-mail account, will expire on 24/01/2024. It then warns him that if the domain is not renewed, it will be deactivated along with all the services associated with it, including email accounts. He will therefore no longer be able to receive and send messages.
It then invites the user to log in to renew services, via the following link:
RINNOVA IL DOMINIO (RENEW THE DOMAIN)
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the text of the message we notice right away that the sender's e-mail address comes from a generic <Assistenza Clienti> (Customer Support), used as a label to hide the real sender, which is unrelated to Aruba's official domain. This is definitely anomalous and should, at the very least, make us suspicious. We can see, however, that the cyber criminal had the foresight to include the well-known Aruba logo to make the message more trustworthy.
Anyone who unluckily clicks on the link
RINNOVA IL DOMINIO (
RENEW THE DOMAIN), you will be redirected to an anomalous WEB page that is unrelated to Aruba's official website, but which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data in order to use it for illegal purposes.
18 January 2024 ==> Smishing UniCredit
We analyze below a new smishing attempt to obtain sensitive data through a fraudulent text message.
The message, seemingly from Unicredit, alerts the unsuspecting recipient of a €221.45 payment request and invites him or her to verify the transaction via the link provided.
The criminals, through the false detection of a suspicious transaction, induce the user to promptly log into home banking for verification, thus stealing his/her credentials.
Clearly, for non-customers of Unicredit, the scam is simpler to understand. However, even customers of the bank, can easily understand that this is a real attempt at computer fraud.
In fact already at a glance, the malicious link on the text message seems anomalous and certainly not traceable to the official Unicredit's website.
We would also like to remind you that financial institutions don’t send an alert text message to report any abnormal access.
Anyone who unluckily clicks on the link, will be redirected to an anomalous WEB page, which is not related to the official Unicredit's website, but which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for criminal purposes.
17 January 2024 ==> Smishing Istituto di Credito (Bank)
We analyze below two smishing attempts, carried out through messages that, exploiting the well-known name of a national banking institution, try to pass themselves off as an official communication, to induce the unsuspecting recipient to insert his data. In this way the victim falls into a social engineering trap.
In the messages above, the recipient is informed that an expenditure of Euro 1750.00 has been requested from his bank account.
It then invites him to make a report, in case he/she didn't request it, through the proposed link. We notice that the messages are similar, what changes is the landing site, which redirects to two different url addresses:
"
https://grupo***[.]com" e "
https://um****nt[.]com"
Surely, if the recipient of the text message is not a customer of the well-known banking institution, he will perceive more clearly the anomaly of this text message. In the case analyzed, however, the recipient is actually a customer of the banking institution, and the message comes in the chat where the codes to authorize credit card payments are delivered . Therefore, it is even more crucial to know how to recognize these, now widespread, attempts at computer fraud. Above all, it is important to remember that under no circumstances banking institutions/payment circuits require customers to provide their payment card information through e-mail, text messages or call centers.
In the given example, we can first observe that the text message received is very generic. In fact, it addresses a ''
Gentile cliente'' ('Dear Customer') without reporting any identifying information about the account holder, something very suspicious. Clearly, the intention of the cyber criminals is to urge the user to promptly click on the link to block the unauthorized payment.
As we can see from the image shown, the web page where you are redirected is really well done in that it simulates the official website of the banking institution, being reasonably misleading, both graphically and textually.
In fact, to reassure the user of the authenticity of the page, the cyber-criminals had the foresight to insert the authentic logo and set the page with the same graphics as the official website.
The access page for account management, however, is hosted on an anomalous address/domain that is not traceable to the official domain of the banking institution and which we report below:
"
https://grupo***[.]com"
or
"
https://um****nt[.]com"
Both links redirect to a web page, hosted on two different, graphically identical, domains.
By entering login information on this FORM, this information will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks.
11 January 2024 ==> Phishing Account Posta Elettronica (Email Account)
SUBJECT: <
New document from ***** Office admin>
We analyze below the phishing attempt that aims to steal the victim's e-mail account credentials.
The message, in English, informs the recipient of a new shared document that appears to be sent by the mail account administrator. It then invites the victim to view the .pdf document by downloading it at the following link:
DOWNLOAD PDF
Analyzing the email, we notice that the message comes from an email address not traceable to the server hosting the mailbox <
kunze(at)thientranlong123(dot)shop>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the
DOWNLOAD PDF
link, will be redirected to an anomalous WEB page, which, as we can see from the side image, is unrelated to the e-mail account manager.
The page to which we are redirected, to enter our mail account credentials, is hosted on an anomalous address/domain, which we report below:
https[:]//bafkreigsy7grro3oyncupnjsllqqz5n5twhe4up5n4pikouddrrab35c2i[.]ipfs....
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.
10 January 2024 ==> Phishing Trenitalia
Below we analyze the following text message scam attempt that hides behind a false communication from
Trenitalia.
It is a text message referring to a ''
Promozione di Capodanno'' (New Year's Promotion) that would allow only a lucky few to travel for free...or so it seems.
For many inexperienced users, it is certainly a real decoy.
After all, the vacation season has just ended, and some people are already thinking about planning their next vacation... a
Trenitalia railcard to travel for free is really tempting!
Clearly,
Trenitalia is unrelated to the mass sending of these text messages, which are true scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Therefore, keep your eyes open: all it takes to avoid unpleasantness is a little bit of attention and glance.
First of all, the landing page where we are redirected by clicking on the provided link, although graphically well done (with misleading images and the authentic
Trenitalia logo), does not seem trustworthy at all.
In fact, the survey to obtain the prize, is hosted on the following anomalous web page:
"https[:]//wpclick[.]cc/....''
which has no connection with
Trenitalia.
Cyber criminals masterminding the scam, try to trick the user into quickly completing the survey, under the pretext that there are only a few lucky people and that the gifts are about to run out.
To give added credibility, numerous comments from customers, who apparently participated in the survey, have also been reported. These testimonials/feedback are intended to confirm that the winnings are genuine and not a scam.
Surely if so many users have been lucky why not try your luck by filling out a simple survey?!
|
So here we are at the end of the survey.
Responses seem successfully submitted and saved. Now we can enjoy a simple little game to try our luck: we have 3 attempts to find the free gift card inside some gift packages...
|
How lucky we are!!!
After 2 attempts we made it: we managed to get the Trenitalia gift card for 1 year of free travel....
Too bad it's not over yet... new instructions are provided to complete the winning.
|
Here's the surprise: as highlighted in the image, winning is dependent on sharing the promotion to multiple groups and contacts on WhatsApp. Once you complete the progress bar you will be able to enter your delivery address and complete the registration.
So not only an attempt to steal our sensitive data but also a kind of chain letter!!
The purpose in this case is to spread this scam attempt to as many contacts as possible.. in this way we become "accomplices" of the cybercriminal by spreading the "promotion" to our contacts.
To conclude, we always urge you to be wary of any message that asks you to enter confidential data, even if there are prizes or discount vouchers up for grabs, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original one. This way, in fact, your most valuable data is put into the hands of cyber crooks who can use it for malicious purposes.
9 January 2024 ==> Phishing Aruba - Fattura non pagata (Unpaid invoice)
SUBJECT: <
Fattura non pagata 09/01/2024>
(Unpaid invoice 09/01/2024)
Phishing attempts, pretending to be communications from the
Aruba brand, continue this month.
The message informs the recipient that his domain hosted on Aruba, linked to his e-mail account, will expire on 09/01/2024. It then warns him that he/she will have to manually renew his services to avoid the deletion of the account and thus the deactivation of all services associated with it, including mailboxes, (and thus the ability to send and receive messages).
It then invites the user to log in to renew services, via the following link:
RINNOVA IL (RENEW THE)
Clearly, the well-known web hosting, e-mail and domain registration services company,
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the text of the message, we notice right away that the sender's e-mail address <
postmaster(at)combellbe(dot)com> is not from
Aruba's official domain.
In order to induce the victim to proceed with the renewal of his mailbox in a timely manner, the expiration date of 09/01/2024 is indicated ...which incidentally coincides with the date of receipt of the e-mail. Hence there is not much time available to make the renewal and prevent the deactivation of services. The indication of a brief deadline to conclude the procedure is, obviously, intended to push the user to act immediately and without much thought.
Anyone who unluckily clicks on the link
RINNOVA IL (RENEW THE), will be redirected to the displayed page.
This page, unlike what we expected, does not redirect to the login form of
Aruba's RESERVED AREA but hosts an online payment form that seems to rely on the
BancaSella circuit. Here the entry of the credit card data is requested to pay the modest amount of Euro 5.42.....
Although the hurry and the fear of email box suspension may push the user to quickly conclude the operation, we see from the url that the payment form is not on the official domain of
Aruba or even
BancaSella:
https[:]//fattura[.]site[.]ku5li1KgGYy6BBCpppr8f12PMka1pJlLzMOEx.....
Therefore, we urge you not to hurry and to remember that to avoid cyber fraud attempts, it is necessary to pay attention to every detail, even trivial ones.
By proceeding to enter the requested data, specifically credit card details, it will be delivered to the cyber-criminals creators of the scam, who will use it for criminal purposes.
13 - 09 January 2024 ==> Phishing Account Posta Elettronica (Email Account)
We analyze below the following phishing attempts that aim to steal the credentials of the victim's e-mail account.
EXAMPLE 1
< Your account ***** password expire today >
EXAMPLE 2
«Removal of **** from *****»
In the examples above, in English, the customer is alerted that he needs to proceed to update his e-mail account. In the first example, the criminal communicates that the password is expiring and that the user must proceed within 3 hours to confirm that he wants to keep the same password otherwise a new one will be generated by the system. In the second example instead, the message, informs the recipient that in order to free up space in the database, inactive accounts are being deleted. Therefore, if users are not confirmed within 7 day, the account will be deleted
In both cases, the purpose is to get the user to click on the link in the email, using also a time limit to leverage the urgency of the message:
Keep Current Password or Confirm *****
To recognize these phishing attempts, it is first necessary to analyze the sender's e-mail address, which as we can see in the 2 cases shown: <
contact(at)polyflor(dot)co(dot)nz>; <
dierenselaan(at)readshop(dot)nl> definitely do not come from the server hosting the mailbox.
Very often these messages are poorly written emails containing spelling errors or renewal requests for non-expiring services, as they leverage the urgency or data security to get the user to proceed to enter his/her data.
In addition, we should analyze the links or attachments of these messages, which usually redirect to a counterfeit website where we are asked to enter our personal information (such as account username and password) or personal information (such as credit card to make account renewals). If this information is entered, it would be used by cyber criminals for malicious purposes.
8 January 2024 ==> Phishing MetaMask
«SUBJECT:
<Immediate Action Required: Enable 2FA for Account Safety>
We analyze below a new phishing attempt aimed to steal the victim's cryptocurrency wallet login credentials of MetaMask, a San Francisco-based company.
MetaMask is a cryptocurrency software wallet used to interact with the Ethereum blockchain. It allows users to access their Ethereum wallet via a browser extension or mobile app.
The message (in English) which we analyze below, informs the recipient that, in order to increase the level of security, all
MetaMask users are being asked to activate two-factor authentication (2FA). To proceed, the user must click on the following link:
Activate 2FA
Analyzing the e-mail, we notice that the message comes from a highly suspicious e-mail address, not traceable to the official
MetaMask domain <
tls6(at)ccb18089e0(dot)nxcli(dot)io>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link Activate 2FA, will be redirected to an abnormal WEB page, unrelated to the official
MetaMask's site, where you are requested to continue if you wish to proceed with 2-factor authentication.
The page to which you are redirected may be misleading in that the cyber criminal had the foresight to include the
MetaMask logo. We see, however, that it is hosted on an anomalous address/domain, which we report below:
https[:]//activate-2fa[.]io/welcome
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks.
09 - 07 January 2024 ==> Phishing Mooney
Below we analyze the following phishing attempts that comes as a false communication from Mooney, the Italian Proximity Banking & Payments company.
EXAMPLE 1
< Messaggio importante
(Important message)
EXAMPLE 2
«[Notifica] Area Clienti!»
([Notification] Customer Area!)
In the examples above, the customer is told that, for security reasons, he/she must update his
Mooney account otherwise he will no longer be able to use his card or his/her account will be temporarily blocked until he proceeds with the update.
The purpose is clearly to get the user to click on the link provided in the email:
Clicca qui per attivare o Accedi (Click here to activate or Login)
This time the phishing campaign simulates a communication from the Italian online payments company
Mooney, which is clearly unrelated to the mass sending of these emails. These are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
To detect these phishing attempts, it is first necessary to analyze the sender's e-mail address which, as we can see in the 2 reported cases: <communications(at)venture(dot)org(dot)nz> <noreply(at)softpointcloud(dot)com>, definitely do not come from
Mooney's official domain.
Very often these messages are poorly written emails with spelling errors or renewal requests for non-expiring services, as they leverage urgency or security of users’ data to get them to enter their data.
In addition, we should analyze the links or attachments of these messages, which usually redirect to a counterfeit website asking for our personal information, such as our account username and password or personal information ( i.e. credit card details to make account renewals). If this information is entered, it will be used by cyber criminals for illegal purposes.
1 January 2024 ==> Phishing Aruba - Fattura non pagata (Unpaid invoice)
SUBJECT:
<
Fattura non pagata 01/01/2024 .> (Unpaid invoice 01/01/2024)
We find again in the new year, phishing attempts pretending to be communications from the
Aruba brand.
The message informs the recipient that his domain hosted on
Aruba, linked to his e-mail account, will expire on 01/01/2024. It then warns the victim that he will have to manually renew his services to avoid the deletion of the account and thus the deactivation of all services associated with it, including mailboxes ( and therefore the possibility to receive and send messages).
It then invites the user to log in to renew services, via the following link:
RINNOVA IL DOMINIO (RENEW THE DOMAIN)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the text of the message we notice right away that the sender's e-mail address is not from the official domain of
Aruba, <
aruba(dot)restaurantcastello(dot)ru>. This is definitely anomalous and should, at the very least, make us suspicious. However, that the cyber criminal had the foresight to include the well-known
Aruba logo to make the message more trustworthy.
Anyone who unluckily clicks on the link
RINNOVA IL DOMINIO (RENEW THE DOMAIN), you will be redirected to an anomalous WEB page that is unrelated to Aruba's official website, but which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data in order to use it for illegal purposes.
A little bit of attention and glance, can save a lot of hassles and headaches..
We urge you NOT to be fooled by these types of e-mails, which, even though they use familiar and not particularly sophisticated approach techniques, if there is a resurgence, with reasonable likelihood more than a few unfortunates will be fooled.
We invite you to check the following information on Phishing techniques for more details:
11/12/2023 09:39 - Phishing: the most common credential and/or data theft attempts in December 2023.
03/11/2023 08:58 - Phishing: the most common credential and/or data theft attempts in November 2023...
03/10/2023 16:35
- Phishing: the most common credential and/or data theft attempts in October 2023...
05/09/2023 10:35 - Phishing: the most common credential and/or data theft attempts in September 2023...
01/08/2023 17:33
- Phishing: the most common credential and/or data theft attempts in August 2023..
03/07/2023 10:23
- Phishing: the most common credential and/or data theft attempts in July 2023..
07/06/2023 15:57
- Phishing: the most common credential and/or data theft attempts in June 2023..
03/05/2023 17:59
- Phishing: the most common credential and/or data theft attempts in May2023....
05/04/2023 17:34 - Phishing: the most common credential and/or data theft attempts in April2023..
03/03/2023 16:54 - Phishing: the most common credential and/or data theft attempts in March 2023..
06/02/2023 17:29 -Phishing: the most common credential and/or data theft attempts in February 2023..
02/01/2023 15:28
- Phishing: the most common credential and/or data theft attempts in January 2023..
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan;
- it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.It eXplorer PRO;
- through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M
- proceed to download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL AndroidTM Devices
VirIT Mobile Security Italian Anti-Malware software that protects Android™ smartphones and tablets, from Malware intrusions and other unwanted threats, and empowers the user to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).
TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) from which you can download the Lite version, which can be freely used in both private and corporate settings.
You can upgrade to the PRO version by purchasing it directly from our website=> click here to order
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center, that allowed us to make this information as complete as possible.
How to submit suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- any suspect email can be sent directly by the recipient's e-mail, to the following mail lite@virit.com,choosing as sending mode "Forward as Attachment" and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify";
- save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously if you want a feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possiible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)
