Our researchers discovered Zen ransomware while inspecting new submissions to the VirusTotal website. This malicious program is part of the Dharma ransomware family. Zen is designed to encrypt data and demand ransoms for the decryption. On our test machine, this ransomware encrypted files and alt
We have examined the page (aitech4learning[.]com) and found that it is a deceptive site mimicking the official Fuel (fuel.network) web page. Scammers created it to deceive visitors into taking actions that can result in cryptocurrency theft. It is important to recognize scam websites and avoid int
Our analysis of the site (etherealgovernance[.]app) has revealed that it is a fake web page. It is designed to appear like the original Ethereal website (ethereal.monster) to trick individuals into taking actions that can result in the theft of their cryptocurrency. Thus, it is highly advisable no
We have inspected the website (worldliberty-financial[.]net) and found that it is a fake site mimicking the original one (worldlibertyfinancial.com). Both web pages have similar designs. However, the fraudulent one is utilized to steal cryptocurrency from victims. Users should avoid visiting the f
RedFox is ransomware, which we discovered during our inspection of malware samples uploaded to VirusTotal. It encrypts files and appends the victim's ID and ".redfox" extension to them. For example, it renames "1.jpg" "1.jpg.{0262C7DC-1D6D-44DE-914B-5F2CBAAA094E}.redfox", "2.png" to "2.png.{0262C7
Our researchers discovered stablesecurepage[.]com while investigating dubious websites. This rogue page promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Most visitors access stablesecurepage[.]com and similar webpages via redirects caused by
Our researchers discovered Ribbon.app while inspecting new file submissions to the VirusTotal website. After investigating this application, we learned that it is advertising-supported software from the Pirrit adware family. Ribbon.app is designed to generate revenue for its developers/publisher
Our researchers discovered this fake "$USD1 Token" airdrop (usd1-worldlibertyfi[.]com; potentially other domains) while investigating suspicious websites. This scam imitates the World Liberty Financial website running a USD1 airdrop and aims to trick users into exposing their cryptowallets to a dr
Our researchers found Midnight malware while investigating file submissions to VirusTotal. This malicious program is part of the Babuk ransomware family. Midnight is a ransomware-type program designed to encrypt files and demand ransoms for the decryption. Once we launched a sample of Midnight on
mac.c is a stealer-type malware written in the C programming language. It can infect all Mac operating system versions above macOS Sierra. This malicious program is designed to steal sensitive information from compromised devices, including personal files, passwords, and cryptocurrency wallets.