While inspecting suspicious websites, our researchers found the kkheo.co[.]in rogue page. It is designed to promote browser notification spam and redirect users to other (likely untrustworthy/harmful) sites. Kkheo.co[.]in and pages akin to it are primarily accessed via redirects caused by websites
After inspecting this "Unrecognized Lоgіn Attempt" email, we learned that it is spam. This message alerts the recipient of a suspicious sign-in to their account. The spam campaign in question aims to extract recipients' email account log-in credentials through a phishing site. This spam em
We have inspected the website (claim-hilo[.]app) and found that it mimics the official HILO site, hilo.app. The fake one promotes a fraudulent giveaway to trick users into taking actions that can result in cryptocurrency loss. It is important to recognize fake crypto platforms to avoid financial l
We have reviewed the email and found that it is a phishing scam. The message is disguised as a notification from QuickBooks and includes a deceptive link. The purpose of this scam is to extract personal information from recipients. It should be ignored and deleted if ever received. The sca
Vetraxluna.co[.]in is a rogue webpage discovered by our researchers while investigating dubious sites. Upon examination, we learned that this page endorses spam browser notifications and redirects users to other (likely unreliable/harmful) websites. The majority of visitors to vetraxluna.co[.]in
During a routine inspection of suspicious sites, our researchers discovered this fake "$TOSHI" airdrop. This scam page impersonates the official Toshi website (toshithecat.com). Victims are lured into exposing their digital wallets to a cryptocurrency drainer by a bogus TOSHI airdrop. IMPORT
Sakura is a RAT (Remote Access Trojan). It is a versatile tool capable of allowing attackers to control infected machines remotely. Sakura RAT has been distributed under various disguises by being embedded into GitHub repositories. These campaigns were undertaken by a financially-motivated threat
Sorillus is a multifunctional remote administration trojan (RAT) based on Java that is offered as malware-as-a-service. The attackers behind Sorillus RAT use fake invoice-themed emails as their main method of delivering the malware. The developers offer the RAT for sale at €59.99 for lifetime acce
While investigating untrustworthy websites, our research team discovered the SafeWatch PUA (Potentially Unwanted Application). In most cases, software within this classification has harmful capabilities. Hence, the presence of unwanted programs on a device poses a risk to device integrity and user
We have examined the page (token-echoprotocol[.]xyz) and discovered that it is a fraudulent copy of the original Echo Protocol site (echo-protocol.xyz). The fake site is designed to trick visitors into believing that they can claim tokens. However, the real goal is to steal cryptocurrency from vic