Sysdoz is ransomware that our team has found while inspecting malware samples uploaded to VirusTotal. We have discovered that Sysdoz encrypts files and changes their filenames, and provides a ransom note ("README.TXT"). It appends the victim's ID and the ".sysdoz" extension to filenames. For exam
We have inspected the message and found that it is a phishing email. It is disguised as a notification regarding an email address authentication. Its purpose is to trick recipients into opening the provided website and entering personal information. Victims of this scam may have their accounts com
StreamSpy is a newly identified Trojan used by the Patchwork (APT-Q-36) threat group. It communicates with its command server using both WebSocket and HTTP, utilizing WebSocket for receiving instructions and sending results, and HTTP for tasks such as file transfers. StreamSpy has similarities wit
This "Railgun Rewards" scam masquerades as the RAILGUN protocol. It states that users have unclaimed rewards worth over one thousand US dollars. The scam is not associated with RAILGUN. The goal is to deceive victims into exposing their digital wallets to a cryptocurrency drainer. IMPORTANT
After reviewing this "Email Address Will Be Deactivated As A Security Measure" message, we determined that it is spam. It claims that the recipient's email address will be deactivated, and to avoid service disruptions – the records must be updated. The goal is to trick users into exposing their em
Our researchers discovered this fake "Griffain" site during a routine investigation. It impersonates the Griffain platform and operates as a cryptocurrency drainer. Essentially, victims' digital assets are transferred to scammer-owned wallets. IMPORTANT NOTE: We do not review crypto projects
While browsing dubious websites, our research team discovered the fake "EtherLens Rewards" page. It operates as a cryptocurrency drainer and lures victims into exposing their digital wallets by promising Ethereum (ETH) cryptocurrency rewards. IMPORTANT NOTE: We do not review crypto projects,
Our review of the email has shown that it is a sextortion scam. The scammers behind it claim that they have accessed the recipient's devices and threaten to release explicit videos unless a ransom is paid. All claims in this scam email are not true. Whoever receives this email should ignore it.
Our team has discovered a fake Photon website (speedtrade[.]icu) designed to steal cryptocurrency from unsuspecting individuals. Scammers can steal crypto by tricking users into connecting their wallets. If this website is visited, it should be closed and never opened again. Falling for this scam
Our review of the "Urgent Action Required" email revealed that it is spam. It urges the recipient to upgrade their mailbox to retrieve pending messages. The purpose of this phishing campaign is to deceive users into revealing their email account log-in credentials. The spam email with the