Our research team found the chobsychontleic.co[.]in rogue page during a routine investigation of dubious websites. It operates by promoting spam browser notifications and redirecting visitors to different (likely untrustworthy/harmful) sites. Most users access pages like chobsychontleic.co[.]in vi
"Claim Fomo" is a scam that impersonates the official website of the fomo application. The imitator page implies an airdrop or something similar. Users who are deceived into connecting their digital wallets to the scam site – inadvertently expose it to a cryptocurrency drainer. IMPORTANT NOT
After examining this "Account Verification Alert" email, we determined that it is spam. This fake message warns the recipient that they will experience email service interruptions or even lose their account if they do not verify it. This phishing campaign targets email account log-in credentials.
Mammon is a malicious program categorized as ransomware, not to be confused with the Makop ransomware of the same name. Malware within this category is designed to encrypt data and demand payment for its decryption. On our test machine, Mammon encrypted files and changed their names. Original fil
Our researchers discovered the Koqlpo Cynav Tool PUA (Potentially Unwanted Application) while inspecting suspicious sites. This app operates as a dropper for the Legion Loader malware. It is noteworthy that installation setups like the one containing Koqlpo Cynav Tool often include multiple pieces
We have inspected the page (claim-4g5.pages[.]dev) and concluded that it is a copy of the original ZORA (zora.co) site. The fake website offers users the chance to claim $ZORA tokens as a lure. Its purpose is to trick individuals into taking actions that can lead to the theft of their cryptocurren
Our analysis of flyforads[.]top shows that the site uses a clickbait technique to convince users to allow it to send notifications. After permission is granted, it floods users with deceptive messages that can lead to untrustworthy websites. For this reason, users should avoid granting flyforads[.
We have inspected hilierigurrious[.]com and discovered that it uses clickbait to lure visitors into accepting its notifications. Once permission to show notifications is granted, hilierigurrious[.]com bombards users with fake warnings, alerts, offers, and similar content to promote shady websites.
Bert is ransomware designed to encrypt files and append its extension (".encryptedbybert") to filenames. An example of how the ransomware renames files: it changes "1.jpg" to "1.jpg.encryptedbybert", "2.png" to "2.png.encryptedbybert", etc. Upon encryption, Bert drops a ransom note (".note.txt") c
We have examined sweprotect.co[.]in and concluded that it is an untrustworthy website that displays a misleading message to deceive visitors into allowing it to send notifications. If permitted, sweprotect.co[.]in can show notifications containing fake warnings and similar messages. Thus, users sh