We have reviewed the message and concluded that it is a phishing email posing as a verification request from an email service provider. It is designed to trick recipients into opening a fake website and entering personal information. Victims of this scam may have their email and possibly other acc
Our analysis has revealed that this website (claimbtc20.pages[.]dev) promotes a fake Bitcoin 20 ($BTC20) giveaway to trick visitors into following the provided instructions. The scammers behind this deceptive aim to empty wallets (steal cryptocurrency). This page should not be trusted to avoid fin
Absolute Domination is ransomware that encrypts files, appends its extension (".domination") to files, and displays a full-screen ransom note written in Russian. An example of how Absolute Domination renames files: it changes "1.jpg" to "1.jpg.domination", "2.png" to "2.png.domination", and so for
We have inspected the website (power-protocol[.]org) and found that it promotes a fraudulent "Power Protocol ($POWER) airdrop". It is designed to appear as the original Power Protocol site (powerprotocol.xyz) to trick visitors. The goal is to empty cryptocurrency wallets. Victims of this scam may
Ultimate is malware designed to steal information from infected macOS systems. It maintains persistence, evades detection, and securely exfiltrates stolen data to a command-and-control (C2) server controlled by cybercriminals. If a device is infected with Ultimate, the malware should be removed
Our analysis shows that it is a deceptive email disguised as a security alert from the Chase Bank (a legitimate American national bank). It contains fake details to appear urgent and trick recipients into disclosing personal information on a fraudulent page. This scam email should be ignored to av
CrySome is a remote access Trojan (RAT) that lets cybercriminals take control of an infected device. This RAT can steal files and passwords, spy on activity, and run commands remotely. What makes CrySome even more serious threat is that it can hide itself, disable antivirus software, and stay on t
CrystalX is a remote access Trojan (RAT) offered as MaaS (malware‑as‑a‑service) and promoted through Telegram. It is mainly used to steal information from infected devices and to control devices remotely, and it also has a prankware capability. If detected on a device, CrystalX should be removed a
BASANAI is ransomware from the MedusaLocker family. We discovered this ransomware while analyzing malware samples uploaded to VirusTotal. Once executed, BASANAI encrypts files and appends its extension (".BASANAI") to files. For instance, a file named "1.jpg" is renamed to "1.jpg.BASANAI", "2.png"
We have checked xicuritinon.co[.]in and discovered that it uses deception to get permission to send notifications. If users accept these notifications, they may encounter websites designed to steal information or other fraudulent content. Xicuritinon.co[.]in and similar pages should be ignored and