Myth is an information stealer written in Rust programming language. The stealer is designed to target browsers built on both Gecko and Chromium engines, stealing sensitive data such as passwords, cookies, and autofill details. It also employs anti-analysis measures, including string obfuscation a
Our analysis has shown that this is a deceptive page mimicking the official XRP Ledger site (xrpl.org). It is designed to lure users into connecting their wallets to "claim XRP" (to receive a reward). The scammers behind this site aim to steal cryptocurrency from unsuspecting individuals. IM
Dire Wolf is ransomware our team discovered while examining malware samples uploaded to VirusTotal. Once executed, Dire Wolf encrypts files and appends the ".direwolf" extension to them. For example, it renames "1.jpg" to "1.jpg.direwolf" and "2.png" to "2.png.direwolf". Additionally, the ransomwa
While investigating suspect websites, our researchers discovered this fake "Multichain" page (arbiusclaim.pages[.]dev; potentially, other domains). This webpage impersonates the official Multichain website (multichain.org). The scam aims to deceive users into exposing their digital wallets to a cr
After reviewing this "Webmail Server" email, we learned that it is spam. This fake suspicious sign-in alert aims to trick recipients into visiting a phishing website that targets email account log-in credentials. It must be stressed that this message is not associated with any legitimate service p
Our inspection of the "Order Placement" email revealed that it is malspam. This message lures recipients into opening a malicious attachment by presenting it as an order placement. The goal of this campaign is to infect recipients' devices with malware. The spam email with the subject "Ref
After reading this "Data From All Your Devices Is Copied To My Servers" email, we determined that it is a sextortion scam. This spam message claims that the recipient's devices were infected, and the malware was used to record a sexually explicit video of them. If the recipient refuses to meet the
Whiventatism[.]com is a rogue webpage discovered by our researchers during a routine inspection of suspicious sites. This page promotes browser notification spam and generates redirects to different (likely unreliable/dangerous) websites. The majority of visitors to whiventatism[.]com and similar
Our research team found the chmicutuding[.]com rogue page while browsing dubious websites. Upon examination, we determined that this webpage endorses browser notification spam and redirects users to other (likely untrustworthy/malicious) sites. Most visitors to chmicutuding[.]com and similar pages
Our inspection of the "Cloud - Your Payment Method Has Expired" email revealed that it is spam. This is a phishing email targeting recipients' financial information by claiming that they have run out of Cloud storage and recommending an upgrade. The spam email with the subject "Cloud Stora