Step-by-Step Malware Removal Instructions

SharePoint Meeting Document Email Scam
Phishing/Scam

After examining this "SharePoint Meeting Document" email, we determined that it is spam. This fake message is presented as a notification concerning a new meeting and a shared document. It must be stressed that this email is not associated with SharePoint. The purpose of this spam campaign is to s

HexaLocker Ransomware
Ransomware

HexaLocker is a malicious program classed as ransomware. It operates by encrypting data and demanding payment for the decryption. This ransomware renames the files it encrypts by adding a ".hexalocker" extension, e.g., a file titled "1.jpg" appears as "1.jpg.hexalocker", "2.png" as "2.png.hexalock

Crowq Utils Sol Unwanted Application
Potentially unwanted application

While investigating rogue websites, our researchers discovered an installer carrying the Crowq Utils Sol PUA (Potentially Unwanted Application). Upon analysis, we determined that Crowq Utils Sol acts as a dropper for the Legion Loader malware. However, it might be used to infiltrate other harmful

Standard Chartered Bank - Transfer Confirmation Email Scam
Phishing/Scam

After inspecting this "Standard Chartered Bank - Transfer Confirmation" email, we determined that it is fake. This phishing message is presented as a transaction notification from Standard Chartered, but it is in no way associated with this bank. This spam campaign targets recipients' email accoun

X2anylock Ransomware
Ransomware

X2anylock is ransomware, potentially based on LockBit 3.0 (another ransomware). It encrypts files, drops a ransom note ("How to decrypt my data.txt"), and appends the ".x2anylock" extension to files. For instance, it changes "1.jpg" to "1.jpg.x2anylock" and "2.png" to "2.png.x2anylock". Screen

TGE Trading Carnival Scam
Phishing/Scam

We have examined the site (claim.kiloex[.]rest) and concluded that it is a scam designed to trick individuals into believing they can claim free cryptocurrency by connecting their crypto wallets. The purpose of this scam site is to steal cryptocurrency from victims. It should not be trusted and sh

WhiteRock ($WHITE) Proposal Scam
Phishing/Scam

Our researchers discovered the "WhiteRock ($WHITE) Proposal" scam while investigating dubious websites. This scam masquerades as the WhiteRock (whiterock.fi) platform. It operates as a cryptocurrency drainer (by siphoning digital assets) and lures victims into exposing their wallets with a poll co

Ablebass.co.in Ads
Notification Spam

We have reviewed ablebass.co[.]in and found that it employs a deceptive tactic to lure visitors into agreeing to receive its notifications. Once permission is granted, ablebass.co[.]in sends notifications containing links to various scam websites and other unreliable sites. Users should not allow

AAVE Airdrop Scam
Phishing/Scam

Our inspection has shown that this is a fake website (claim.aave-io[.]org) imitating the Aave cryptocurrency lending and borrowing platform (app.aave.com). It is designed to deceive users into participating in a fake airdrop (giveaway). Victims of this scam can lose their cryptocurrency holdings.

Gnsyihong Ransomware
Ransomware

Our discovery of Gnsyihong occurred during an inspection of malware samples submitted to VirusTotal. We found that Gnsyihong is ransomware that encrypts files and appends the victim's ID and ".gnsyihong" to them. It also drops the "README.TXT" file containing a ransom note. Gnsyihong is identical