During our inspection of malware samples uploaded to VirusTotal, we discovered the 9062 ransomware, which is based on Chaos ransomware. Upon execution, 9062 encrypts files and appends the ".9062" extension to files (e.g., it renames "1.jpg" to "1.jpg.9062" and "2.png" to "2.png.9062"). Additional
Our research team discovered dopotics[.]com while examining suspicious websites. This rogue page is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/harmful) sites. Dopotics[.]com and analogous webpages are primarily accessed via redirects caused b
Bgv-adguard[.]pro is a rogue webpage discovered by our research team during a routine inspection of suspicious sites. This page is designed to promote browser notification spam and redirect visitors to other (likely untrustworthy/hazardous) websites. Webpages like bgv-adguard[.]pro are most common
Our researchers discovered this fake "$STARS Airdrop" while investigating untrustworthy websites. It must be emphasized regardless of any visual similarities to existing projects/platforms – this bogus airdrop is not associated with any of them. This scam operates as a cryptocurrency drainer – i.e
Our inspection of the "Affirm Account Status By Completing CAPTCHA" email revealed that it is spam. This is a phishing scam that targets email log-in credentials through a lure concerning inactive account reduction efforts. The spam email with the subject "Confirm You Are Not A Robot (19cа
Blitz is a two-stage malware targeting Windows systems. The first stage acts as a downloader, while the second stage installs the Blitz bot. Once active, the bot gives attackers remote control over the infected device, enabling them to steal information (such as keystrokes and screenshots) and lau
Dersinstion[.]com is a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by promoting browser notification spam and redirecting visitors to other (likely unreliable/hazardous) sites. Most users enter dersinstion[.]com and analogous webpages via r
We have inspected bsm-defender[.]pro and found that it is a misleading web page crafted to trick visitors into allowing it to send notifications. The site exploits this permission to show fake notifications that can lead users to untrustworthy websites. Thus, bsm-defender[.]pro should not be trust
Our researchers discovered this fake "Galxe" webpage while investigating questionable websites. The page is disguised as the official Galxe site (galxe.com); it supposedly allows users to claim Galxe OATs (On-chain Achievement Tokens). This fraudulent webpage operates as a cryptocurrency drainer
While testing Traiolx Custom Utils, we discovered that it does not offer any features to users. Moreover, it contains a malware loader called Legion Loader and other unwanted components. Installing Traiolx Custom Utils can lead to computer infections and other issues. Thus, users should avoid inst