ARCH WIPER is ransomware that we discovered during our inspection of samples submitted to the VirusTotal platform. This ransomware encrypts files and appends ".Arch" extension to them (e.g., it renames "1.jpg" to "1.jpg.Arch" and "2.png" to "2.png.Arch"). Also, ARCH WIPER creates a ransom note ("W
During our inspection of realfastads[.]top, we found that it is an untrustworthy website that displays misleading content to obtain permission to show notifications. Once this permission is granted, realfastads[.]top sends deceptive notifications to trick users into opening other dubious sites.
We have analyzed the site and concluded that its purpose is to trick visitors into allowing it to send notifications. Nonsondfee.co[.]in uses a deceptive technique to get this permission. After receiving it, nonsondfee.co[.]in delivers notifications containing fake warnings and similar content.
We have examined the page (app.saaharalabs[.]com) and found it to be deceptive. It mimics the original website (saharalabs.ai) to trick visitors into performing steps that could lead to cryptocurrency theft. To protect crypto assets, this and similar (unofficial) sites should be avoided. IMP
Enhancechain-flow[.]com is a rogue page discovered by our researchers during a routine investigation of dubious websites. After examining this webpage, we learned that it endorses browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. The majority of v
Our inspection of "Message Restriction Activity" that it is a phishing email. This spam message claims that multiple emails did not reach the inbox, and when an attempt to review them is made – recipients are deceived into disclosing their account log-in credentials. This spam email claims
Our researchers discovered the "SUNWUKONG Token Hunt" scam while investigating dubious websites. This deceptive page promotes a cryptocurrency drainer – it operates by siphoning funds from victims' digital wallets. It must be emphasized that this scam is not associated with any existing projects o
In our analysis of the website (cryptobeastreal[.]com), we found that it promotes a fake cryptocurrency giveaway (airdrop). This site includes a hidden malicious tool allowing scammers to drain crypto wallets (steal cryptocurrency from victims). It should be avoided and closed if ever opened.
"Pendle Ecosystem Rewards" is a scam that impersonates the Pendle website (pendle.finance). The fake page runs a poll on rewards, and when users attempt to vote – they are deceived into exposing their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is in no way as
During our inspection, we found that mohett.co[.]in uses deceptive tactics, such as clickbait, to manipulate visitors into agreeing to receive its show notifications. Once this permission is granted, the page misuses it to push fake alerts and other misleading content that may direct users to harm