Step-by-Step Malware Removal Instructions

Rans0m Resp0nse (R|R) Ransomware
Ransomware

Rans0m Resp0nse (R|R) is ransomware developed using leaked LockBit source code. It encrypts files, appends its extension (a random string of characters, e.g., ".RSN6Lzcyg"), and creates a ransom note ("[random_string].README.txt"). An example of how Rans0m Resp0nse (R|R) renames files: it chang

SOON NFT Mint Scam
Phishing/Scam

In our analysis of the site (airdrop.soonetwork[.]org), we uncovered that it is a deceptive web page masquerading as the official SOON (soo.network) platform. We also found that the purpose of the fake web page is to steal cryptocurrency from victims through a malicious tool. It is highly advisabl

$PEPU Staking Scam
Phishing/Scam

We found this fake "$PEPU Staking" website (pepu-sushi[.]top; possibly other domains) while investigating suspicious sites. It claims that a staking pool has been opened and offers huge rewards. The goal of this scam is to lure users into exposing their digital wallets to a cryptocurrency drainer.

SharePoint Meeting Document Email Scam
Phishing/Scam

After examining this "SharePoint Meeting Document" email, we determined that it is spam. This fake message is presented as a notification concerning a new meeting and a shared document. It must be stressed that this email is not associated with SharePoint. The purpose of this spam campaign is to s

HexaLocker Ransomware
Ransomware

HexaLocker is a malicious program classed as ransomware. It operates by encrypting data and demanding payment for the decryption. This ransomware renames the files it encrypts by adding a ".hexalocker" extension, e.g., a file titled "1.jpg" appears as "1.jpg.hexalocker", "2.png" as "2.png.hexalock

Crowq Utils Sol Unwanted Application
Potentially unwanted application

While investigating rogue websites, our researchers discovered an installer carrying the Crowq Utils Sol PUA (Potentially Unwanted Application). Upon analysis, we determined that Crowq Utils Sol acts as a dropper for the Legion Loader malware. However, it might be used to infiltrate other harmful

Standard Chartered Bank - Transfer Confirmation Email Scam
Phishing/Scam

After inspecting this "Standard Chartered Bank - Transfer Confirmation" email, we determined that it is fake. This phishing message is presented as a transaction notification from Standard Chartered, but it is in no way associated with this bank. This spam campaign targets recipients' email accoun

X2anylock Ransomware
Ransomware

X2anylock is ransomware, potentially based on LockBit 3.0 (another ransomware). It encrypts files, drops a ransom note ("How to decrypt my data.txt"), and appends the ".x2anylock" extension to files. For instance, it changes "1.jpg" to "1.jpg.x2anylock" and "2.png" to "2.png.x2anylock". Screen

TGE Trading Carnival Scam
Phishing/Scam

We have examined the site (claim.kiloex[.]rest) and concluded that it is a scam designed to trick individuals into believing they can claim free cryptocurrency by connecting their crypto wallets. The purpose of this scam site is to steal cryptocurrency from victims. It should not be trusted and sh

WhiteRock ($WHITE) Proposal Scam
Phishing/Scam

Our researchers discovered the "WhiteRock ($WHITE) Proposal" scam while investigating dubious websites. This scam masquerades as the WhiteRock (whiterock.fi) platform. It operates as a cryptocurrency drainer (by siphoning digital assets) and lures victims into exposing their wallets with a poll co