Our researchers discovered the StarFire ransomware while reviewing new file submissions to the VirusTotal platform. This malicious program encrypts data and demands payment for the decryption. On our test machine, StarFire encrypted files and appended their names with a ".Celestial" extension. To
Our research team found the parreadver[.]com rogue page while browsing dubious websites. After investigating this webpage, we learned that it endorses spam browser notifications and redirects users to different (likely dubious/malicious) sites. Most visitors to parreadver[.]com and analogous pages
ARCH WIPER is ransomware that we discovered during our inspection of samples submitted to the VirusTotal platform. This ransomware encrypts files and appends ".Arch" extension to them (e.g., it renames "1.jpg" to "1.jpg.Arch" and "2.png" to "2.png.Arch"). Also, ARCH WIPER creates a ransom note ("W
During our inspection of realfastads[.]top, we found that it is an untrustworthy website that displays misleading content to obtain permission to show notifications. Once this permission is granted, realfastads[.]top sends deceptive notifications to trick users into opening other dubious sites.
We have analyzed the site and concluded that its purpose is to trick visitors into allowing it to send notifications. Nonsondfee.co[.]in uses a deceptive technique to get this permission. After receiving it, nonsondfee.co[.]in delivers notifications containing fake warnings and similar content.
We have examined the page (app.saaharalabs[.]com) and found it to be deceptive. It mimics the original website (saharalabs.ai) to trick visitors into performing steps that could lead to cryptocurrency theft. To protect crypto assets, this and similar (unofficial) sites should be avoided. IMP
Enhancechain-flow[.]com is a rogue page discovered by our researchers during a routine investigation of dubious websites. After examining this webpage, we learned that it endorses browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. The majority of v
Our inspection of "Message Restriction Activity" that it is a phishing email. This spam message claims that multiple emails did not reach the inbox, and when an attempt to review them is made – recipients are deceived into disclosing their account log-in credentials. This spam email claims
Our researchers discovered the "SUNWUKONG Token Hunt" scam while investigating dubious websites. This deceptive page promotes a cryptocurrency drainer – it operates by siphoning funds from victims' digital wallets. It must be emphasized that this scam is not associated with any existing projects o
In our analysis of the website (cryptobeastreal[.]com), we found that it promotes a fake cryptocurrency giveaway (airdrop). This site includes a hidden malicious tool allowing scammers to drain crypto wallets (steal cryptocurrency from victims). It should be avoided and closed if ever opened.