Blitz is a two-stage malware targeting Windows systems. The first stage acts as a downloader, while the second stage installs the Blitz bot. Once active, the bot gives attackers remote control over the infected device, enabling them to steal information (such as keystrokes and screenshots) and lau
Dersinstion[.]com is a rogue page discovered by our researchers during a routine inspection of dubious websites. It operates by promoting browser notification spam and redirecting visitors to other (likely unreliable/hazardous) sites. Most users enter dersinstion[.]com and analogous webpages via r
We have inspected bsm-defender[.]pro and found that it is a misleading web page crafted to trick visitors into allowing it to send notifications. The site exploits this permission to show fake notifications that can lead users to untrustworthy websites. Thus, bsm-defender[.]pro should not be trust
Our researchers discovered this fake "Galxe" webpage while investigating questionable websites. The page is disguised as the official Galxe site (galxe.com); it supposedly allows users to claim Galxe OATs (On-chain Achievement Tokens). This fraudulent webpage operates as a cryptocurrency drainer
While testing Traiolx Custom Utils, we discovered that it does not offer any features to users. Moreover, it contains a malware loader called Legion Loader and other unwanted components. Installing Traiolx Custom Utils can lead to computer infections and other issues. Thus, users should avoid inst
Our team has examined Helper (malware we discovered while inspecting samples uploaded to VirusTotal) and concluded that it is ransomware. Once infiltrated, Helper encrypts files and provides a ransom note ("README.TXT"). It also modifies filenames by appending the victim's ID and the ".helper" ext
In our analysis of ecoaturicudses[.]com, we found that this website uses clickbait to lure users into consenting to get notifications from it. Once this permission is given, ecoaturicudses[.]com starts sending fake warnings, alerts, and other deceptive messages. This page can expose users to scams
Our analysis of the site (pepeofmind[.]com) has uncovered that it is fake. This page is a copy of the original MIND of Pepe website (mindofpepe.com). It is created to deceive unsuspecting individuals into taking actions that allow scammers to steal their cryptocurrency. If encountered, this page s
While inspecting untrustworthy sites, our researchers discovered the inj-protect[.]pro rogue webpage. It endorses spam browser notifications and generates redirects to different (likely dubious/dangerous) websites. The majority of visitors to inj-protect[.]pro and similar pages access them through
While examining suspicious websites, our researchers discovered this fake "Atomic Wallet" page. It masquerades as the official site (atomicwallet.io). This is a phishing scam, i.e., the imitator webpage seeks to extract users' digital wallet log-in credentials. IMPORTANT NOTE: We do not revi