PhantomCard is a banking trojan targeting Android devices. This malware is offered as MaaS (Malware-as-a-Service) by a threat actor dubbed "Go1ano developer". PhantomCard was not developed by "Go1ano developer"; it is a custom malware based on "NFU Pay" MaaS created by a Chinese-speaking threat ac
While investigating suspicious websites, our researchers discovered this fake "Uranus" airdrop. It claims that those who are eligible can claim a reward, and by attempting to receive this boon – users unintentionally expose their cryptocurrency wallet to a drainer. Essentially, victims of this sca
Our researchers found this fake "World Liberty Financial" airdrop during a routine investigation. This deceptive webpage impersonates the official website of World Liberty Financial (worldlibertyfinancial.com). Users who are enticed by the airdrop promoted on this page unintentionally expose their
Our analysis of proposal-ethena[.]network shows that it is a fraudulent website impersonating the legitimate Etherna platform (ethena.fi). The operators of this fake site attempt to steal cryptocurrency through a malicious tool. Users are strongly advised to avoid interacting with the fraudulent p
While browsing suspect websites, our researchers discovered brapapplabolial[.]com. Upon examination, we learned that this rogue webpage promotes browser notification spam and redirects users to different (likely untrustworthy/harmful) sites. Most visitors to pages like brapapplabolial[.]com enter
Our researchers found the enescoly[.]com rogue page while investigating dubious websites. After examining this webpage, we determined that it promotes browser notification spam and redirects users to different (likely unreliable/harmful) sites. Enescoly[.]com and similar pages are most commonly a
Navixzuro.co[.]in is a rogue webpage discovered by our researchers during a routine inspection of suspicious sites. Upon examination, we learned that this page endorses spam browser notifications and redirects users to different (likely unreliable/harmful) websites. The majority of visitors to na
Traders is ransomware that we discovered while inspecting malware samples uploaded to VirusTotal. Upon infiltration, Traders encrypts files and appends the victim's ID and the ".traders" extension to them. Also, the malware creates a ransom note, "README.TXT". An example of how Traders renames en
Cephalus is a malicious program classified as ransomware. Software within this classification is designed to encrypt files and demand payment for the decryption. On our test machine, Cephalus encrypted files and added a ".sss" extension to their names. To elaborate, a file originally titled "1.jp
Our review of hazzbonew[.]com reveals that the site uses clickbait to persuade visitors into allowing notifications. If permission is given, it can deliver deceptive alerts, such as fake system warnings, that may put users' privacy and security at risk. Therefore, it is strongly advised to avoid i