We have inspected the website (worldliberty-financial[.]net) and found that it is a fake site mimicking the original one (worldlibertyfinancial.com). Both web pages have similar designs. However, the fraudulent one is utilized to steal cryptocurrency from victims. Users should avoid visiting the f
RedFox is ransomware, which we discovered during our inspection of malware samples uploaded to VirusTotal. It encrypts files and appends the victim's ID and ".redfox" extension to them. For example, it renames "1.jpg" "1.jpg.{0262C7DC-1D6D-44DE-914B-5F2CBAAA094E}.redfox", "2.png" to "2.png.{0262C7
Our researchers discovered stablesecurepage[.]com while investigating dubious websites. This rogue page promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Most visitors access stablesecurepage[.]com and similar webpages via redirects caused by
Our researchers discovered Ribbon.app while inspecting new file submissions to the VirusTotal website. After investigating this application, we learned that it is advertising-supported software from the Pirrit adware family. Ribbon.app is designed to generate revenue for its developers/publisher
Our researchers discovered this fake "$USD1 Token" airdrop (usd1-worldlibertyfi[.]com; potentially other domains) while investigating suspicious websites. This scam imitates the World Liberty Financial website running a USD1 airdrop and aims to trick users into exposing their cryptowallets to a dr
Our researchers found Midnight malware while investigating file submissions to VirusTotal. This malicious program is part of the Babuk ransomware family. Midnight is a ransomware-type program designed to encrypt files and demand ransoms for the decryption. Once we launched a sample of Midnight on
mac.c is a stealer-type malware written in the C programming language. It can infect all Mac operating system versions above macOS Sierra. This malicious program is designed to steal sensitive information from compromised devices, including personal files, passwords, and cryptocurrency wallets.
Our analysis of mescnetwork[.]pro uncovered that this page uses clickbait (a deceptive method) to trick visitors into permitting it to send notifications to their devices. Moreover, the site exploits this permission to deliver fake warnings and similar content that can lead users to potentially ma
PupkinStealer is an information stealer developed using the .NET. This malware steals sensitive information from infected systems and transmits it to attackers through Telegram, a common exfiltration channel used by cybercriminals. Victims should remove PupkinStealer from infected computers immedi
PureHVNC is a Remote Access Trojan (RAT). This type of malware enables remote access/control over infected devices. PureHVNC has extensive data-stealing abilities. This trojan has been proliferated via fake generative AI websites promoted through Facebook. There is strong evidence suggesting that