Gentlemen is ransomware that encrypts files and appends a random extension to them. For example, during encryption a file named "1.jpg" is changed to "1.jpg.7mtzhh", "2.png" to "2.png.7mtzhh", and so fort. Also, provides a ransom note ("README-GENTLEMEN.txt"). Its purpose is to extract money from
Osprey is information-stealing malware designed to harvest sensitive data from infected systems. It targets cryptocurrency wallets, various game data, system information, and other details. Cybercriminals can use it to hijack accounts, steal money and identities, and for other malicious purposes.
Maranhão is an information-stealing malware written in Node.js and delivered through Inno Setup installers. It targets various sensitive information, including cryptocurrency wallet data. Its infiltration can lead to privacy issues, monetary loss, and other problems. If detected on a system, Maran
Our analysis of the site (app.hyperswapx[.]exchange) has uncovered that it is a fraudulent copy of the official HyperSwap platform (app.hyperswap.exchange). The site is intended to deceive users into connecting their wallets, allowing scammers to steal their cryptocurrency. This deceptive site sho
HybridPetya is ransomware that shares similarities with Petya and NotPetya. One of the main differences is that HybridPetya can bypass UEFI Secure Boot defenses on vulnerable systems - it starts its malicious activities before the operating system even loads. Like most ransomware variants, HybridP
After reading this "Rainbow Lottery" email, we determined that it is spam. It claims that the recipient's email address has been randomly selected as a winner of one million GBP (pound sterling). The purpose of this spam campaign is to trick victims into disclosing sensitive data and potentially
Our researchers found istomegiessts.co[.]in while browsing untrustworthy sites. We determined that this rogue webpage promotes spam browser notifications and causes redirects to other (likely dubious/malicious) websites. Istomegiessts.co[.]in and similar pages are most commonly accessed via redire
While investigating suspicious websites, our researchers found this fake "Kaito" airdrop. It imitates the Kaito AI platform and promises to triple users' investments. However, digital assets sent to the cryptowallet promoted by this scam are lost, and no return is received. IMPORTANT NOTE: W
We have inspected the email and concluded that it is a phishing email disguised as a notification from an email service provider. Scammers use this scam to trick recipients into opening a fake website and entering personal information. Recipients should ignore this email to avoid account hijacking
We have reviewed searchcalm.com and concluded that it is a fake search engine. Using searchcalm.com can expose users to privacy and security risks. It is important to note that fake search engines are often promoted through unwanted extensions known as browser hijackers. Searchcalm.com is