Our team has inspected the website (utility.soldex[.]trade) and found that it imitates the original Utility Coin site (theutilitycoin.com). The fake site promotes an airdrop to lure visitors into taking actions allowing fraudsters to steal their cryptocurrency holdins. It should be avoided to prev
We have analysed chethomarie[.]com and found that it tries to deceive visitors into agreeing to get its notifications. Once permission is granted, the site can send fake alerts and other misleading messages, which may lead users to potentially malicious pages (e.g., scam websites). Thus, chethomar
NovaShadow is marketed as a stealthy remote access Trojan (RAT) that can evade antivirus detection using advanced obfuscation and polymorphic code. It uses AES‑256 encrypted communications, does not keep logs, and has spying features like live screen sharing, a keylogger, webcam access, and broad
During our examination, we found that this is a phishing email. The message is disguised as a notification from an email service provider and includes a link to a fake website. Its purpose is to trick recipients into opening a fake web page and entering personal information. Such emails should be
SharkStealer is a type of malware called an infostealer, written in the Golang programming language. It steals information from infected devices. It uses the BNB Smart Chain (BSC) Testnet to communicate with its control servers. This method, called "EtherHiding", helps hide its network activity.
Our inspection of the "Undelivered Mail Returned To Sender" email revealed that it is a phishing scam. This spam message claims that multiple emails sent by the recipient have failed delivery. The goal of this spam campaign is to deceive recipients into exposing their email account log-in credenti
After examining this "cPanel - Webmail Update Required" email, we determined that it is fake. This is a phishing message that targets email account log-in credentials (passwords). It must be emphasized that this spam campaign is not associated with the actual cPanel, L.L.C. This spam email
CastleLoader is a piece of malicious software categorized as a loader. This program is designed to download/install additional malware (i.e., cause chain infections). CastleLoader has been around since at least early 2025. It has been observed being used to target governmental entities in the Unit
Our research team found this fake "Hyperliquid Rewards Program" page during a routine investigative session. This scam masquerades as the official website of Hyperliquid (hyperfoundation.org). It operates as a cryptocurrency drainer – by stealing digital assets from exposed cryptowallets. IM
While investigating suspect websites, our researchers discovered this fake "Regent of the North Winds ($REGENT)" page. It closely impersonates the official website of Regent (regentsol.io). Upon examination, we determined that it is a phishing scam targeting cryptowallet log-in credentials.