Step-by-Step Malware Removal Instructions

$GUARD Airdrop Scam
Phishing/Scam

Our researchers discovered this fake "$GUARD" airdrop during a routine inspection of suspicious websites. Upon further examination, we learned that this scam operates as a cryptocurrency drainer, stealing digital assets from exposed cryptowallets. IMPORTANT NOTE: We do not review crypto

Messages Awaiting Your Attention Email Scam
Phishing/Scam

Our inspection of the "Messages Awaiting Your Attention" email revealed that it is spam. It is presented as a notification concerning undelivered messages that are pending verification. The purpose of this spam campaign is to lure recipients into visiting a phishing site targeting email log-in cre

Phenol Ransomware
Ransomware

Phenol is a piece of malicious software categorized as ransomware. Malware within this category operates by encrypting data and demanding a ransom for the decryption. On our test machine, this ransomware encrypted files and added the attackers' email address and the ".phenol" extension to their f

Grattederia.com Ads
Notification Spam

Our analysis shows that grattederia[.]com is an unreliable website that attempts to obtain permission to deliver push notifications using deceptive instructions. If accepted, these notifications may lure users into visiting additional unsafe or malicious sites. For this reason, grattederia[.]com s

Gentlemen Ransomware
Ransomware

Gentlemen is ransomware that encrypts files and appends a random extension to them. For example, during encryption a file named "1.jpg" is changed to "1.jpg.7mtzhh", "2.png" to "2.png.7mtzhh", and so forth. It also provides a ransom note ("README-GENTLEMEN.txt"). Its purpose is to extract money from

Osprey Stealer
Trojan

Osprey is information-stealing malware designed to harvest sensitive data from infected systems. It targets cryptocurrency wallets, various game data, system information, and other details. Cybercriminals can use it to hijack accounts, steal money and identities, and for other malicious purposes.

Maranhão Stealer
Trojan

Maranhão is an information-stealing malware written in Node.js and delivered through Inno Setup installers. It targets various sensitive information, including cryptocurrency wallet data. Its infiltration can lead to privacy issues, monetary loss, and other problems. If detected on a system, Maran

Fake HyperSwap Website Scam
Phishing/Scam

Our analysis of the site (app.hyperswapx[.]exchange) has uncovered that it is a fraudulent copy of the official HyperSwap platform (app.hyperswap.exchange). The site is intended to deceive users into connecting their wallets, allowing scammers to steal their cryptocurrency. This deceptive site sho

HybridPetya Ransomware
Ransomware

HybridPetya is ransomware that shares similarities with Petya and NotPetya. One of the main differences is that HybridPetya can bypass UEFI Secure Boot defenses on vulnerable systems - it starts its malicious activities before the operating system even loads. Like most ransomware variants, HybridP

Rainbow Lottery Email Scam
Phishing/Scam

After reading this "Rainbow Lottery" email, we determined that it is spam. It claims that the recipient's email address has been randomly selected as a winner of one million GBP (pound sterling). The purpose of this spam campaign is to trick victims into disclosing sensitive data and potentially