Step-by-Step Malware Removal Instructions

Tether Wallet Voting Rewards Scam
Phishing/Scam

Our analysis shows that register-tether[.]xyz is a deceptive website designed to look like the official Tether page (tether.io). It offers rewards in exchange for voting, but its real purpose is to trick visitors into following instructions that can lead to the theft of their cryptocurrency. This

KRYBIT Ransomware
Ransomware

KRYBIT is ransomware that our team discovered while examining malware samples uploaded to VirusTotal. Once executed, it encrypts files and appends the ".KRYBIT" extension to their filenames. For instance, it renames "1.jpg" to "1.jpg.KRYBIT", "2.png" to "2.png.KRYBIT", and so on. KRYBIT also drops a ransom

Infiniti Stealer (Mac)
Mac Virus

Infiniti is an information stealer targeting macOS users. Cybercriminals were observed distributing it via ClickFix, a deceptive social engineering technique. Infiniti is designed to steal various information, including browser credentials, Keychain entries, and cryptocurrency wallet data. If de

Make Aliens Great Again ($MAGA) Allocation Scam
Phishing/Scam

We have inspected the website (makealiensgreatagain[.]app) and found that it is a copy of the original Make Aliens Great Again platform (makealiensgreatagain.com). The fraudulent version is designed to steal cryptocurrency from victims through a malicious tool. It should be avoided to prevent fina

GitHub Archive Downloader Scam
Potentially unwanted application

Our team has determined that this is a scam involving a legitimate website (GitHub platform) and a fake application uploaded to it. The distributed application is flagged as malicious by multiple security vendors. Thus, installing it may lead to identity theft, financial loss, or other issues. Use

Net Ransomware
Ransomware

Net is ransomware that we uncovered while examining malware samples submitted to VirusTotal. After execution, Net makes files inaccessible by encrypting them. Also, the ransomware appends the ".net6" extension to files (the number in it may vary) and provides a ransom note ("Recovery_Instructions.

notnullOSX Malware (Mac)
Mac Virus

notnullOSX is an information stealer written in the Go programming language. It targets macOS users and is used to steal cryptocurrency from victims. Threat actors distribute notnullOSX using a ClickFix technique and infected DMG files. If this malware gets detected on a device, it should be rem

Hir.harvard.edu ClickFix Malware
Trojan

Our team has discovered that cybercriminals compromised the official Harvard website (hir.harvard.edu) and injected ClickFix. By exploiting access to a trusted, reputable domain, the attackers were able to host malicious content that appears legitimate, increasing the likelihood that visitors woul

Social Security Administration (SSA) eStatement Email Scam
Phishing/Scam

We have examined the message and determined that it is designed to deceive recipients into believing that they have to review their accounts as soon as possible. This scam email includes a link to a phishing website. Typically, scams like this are used to harvest personal information. This and sim

RAM Shipment On Hold Email Scam
Phishing/Scam

We have inspected the email and found that it is designed to look like a delivery update from a legitimate company. However, this message is fraudulent, as it contains fake details and includes a link to a deceptive page. The scammers behind this email likely seek to steal money and personal infor