Our researchers discovered this fake "$USD1 Token" airdrop (usd1-worldlibertyfi[.]com; potentially other domains) while investigating suspicious websites. This scam imitates the World Liberty Financial website running a USD1 airdrop and aims to trick users into exposing their cryptowallets to a dr
Our researchers found Midnight malware while investigating file submissions to VirusTotal. This malicious program is part of the Babuk ransomware family. Midnight is a ransomware-type program designed to encrypt files and demand ransoms for the decryption. Once we launched a sample of Midnight on
mac.c is a stealer-type malware written in the C programming language. It can infect all Mac operating system versions above macOS Sierra. This malicious program is designed to steal sensitive information from compromised devices, including personal files, passwords, and cryptocurrency wallets.
Our analysis of mescnetwork[.]pro uncovered that this page uses clickbait (a deceptive method) to trick visitors into permitting it to send notifications to their devices. Moreover, the site exploits this permission to deliver fake warnings and similar content that can lead users to potentially ma
PupkinStealer is an information stealer developed using the .NET. This malware steals sensitive information from infected systems and transmits it to attackers through Telegram, a common exfiltration channel used by cybercriminals. Victims should remove PupkinStealer from infected computers immedi
PureHVNC is a Remote Access Trojan (RAT). This type of malware enables remote access/control over infected devices. PureHVNC has extensive data-stealing abilities. This trojan has been proliferated via fake generative AI websites promoted through Facebook. There is strong evidence suggesting that
We have inspected the website (convergeclaim[.]xyz) and concluded that it is a copy of the Converge page (convergeonchain.xyz). It offers users to participate in a giveaway to trick them into taking actions that can lead to significant monetary losses. This page should be avoided and closed if eve
Our analysis of Datarip has uncovered that it is ransomware from the MedusaLocker family. Once executed on a device, it encrypts files and appends the ".datarip" extension to them. For example, it renames "1.jpg" to "1.jpg.datarip", "2.png" to "2.png.datarip", and so forth. Additionally, Datarip
Our examination of the website (arbus[.]claims) has revealed that it is a fraudulent site crafted to steal cryptocurrency from unsuspecting individuals. The scammers copied the look of the legitimate Arbus site (arbus.ai) to deceive users. Users should be careful when landing on such pages to avoi
NETXLOADER is a .NET-based malware loader. Cybercriminals use it to deploy other malware in their attacks (e.g., other loaders or ransomware). Once on the infected device, NETXLOADER typically loads another malware first to disable defenses and establish persistence. These attacks can result in da