Our research team discovered kravonexta[.]com while browsing suspicious websites. This rogue page endorses browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Kravonexta[.]com and webpages akin to it are primarily accessed through redirects produced b
While investigating untrustworthy sites, our researchers discovered this fake "Raydium Staking" webpage. The purpose of this Raydium imitator is to deceive users into exposing their digital wallets to a cryptocurrency drainer – a mechanism designed to steal funds from exposed cryptowallets.
While investigating suspicious websites, our research team discovered this "Moonbirds ($BIRB) Airdrop" scam. It is disguised as the official BIRB token airdrop. It is in no way associated with the actual Moonbirds (BIRB) site (moonbirds.com). The goal of this scam is to deceive users into exposing
Our investigation of news-rehoga[.]cc revealed that it uses deception to convince users to enable its notifications. If permission is granted, users may receive annoying and intrusive spam alerts, such as fake warnings and advertisements. For this reason, news-rehoga[.]cc should not be trusted and
News-pitaro[.]com is a rogue webpage that promotes browser notification spam and generates redirects to various (likely unreliable/harmful) sites. Most visitors access this page via redirects produced by websites utilizing rogue advertising networks. In fact, our researchers discovered news-pitaro
We have checked the page (event-molty[.]fun) and discovered that it is a fraudulent site designed to trick visitors into believing that they can participate in an airdrop (a cryptocurrency giveaway). The scammers behind this scam seek to empty crypto wallets. Thus, falling for this scheme can resu
We analyzed news-peyucu[.]cc and determined that it uses a misleading request to get permission to show notification. Granting this permission can result in frequent spam notifications, including false warnings and unwanted ads. News-peyucu[.]cc should be avoided and should not be allowed to send
Our analysis has revealed that this is a scam email disguised as a message from the IT security team. It urges recipients to click the provided link to avoid issues with their account. The purpose of this phishing email is to steal personal information through a deceptive website. Recipients shoul
GopherRAT is a custom remote access Trojan (RAT) written in Go that connects to an attacker's server using an encrypted channel. Usually, cybercriminals use RATs to steal information, deploy additional malicious tools, deliver malware to other users, and for other malicious purposes. If a system i
DotStealer 2.0 is a malicious program written in the C++ programming language. It is designed to exfiltrate sensitive information from compromised devices. This stealer-type malware also possesses spyware capabilities, such as keylogging. DotStealer 2.0 has been observed being infiltrated