OperativeIndexer is a rogue application discovered by our research team during a routine inspection of new file submissions to the VirusTotal website. After analyzing this app, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. Adware
"Scroll (SCR) Registration" is a scam that imitates the official website of the Scroll Ethereum scaling solution (scroll.io). The imitator site (register-scroiifdn[.]com; other domains are not unlikely) implies that users who register will receive some benefit. This scam operates as a cryptocurre
NonEuclid is a Remote Access Trojan (RAT) programmed using C#. This RAT allows unauthorized control of a victim’s computer. It bypasses security systems and is harder to detect. NonEuclid uses various techniques, such as avoiding antivirus detection, escalating privileges, and encrypting important
Search-thrill.com is presented as a search engine. Upon inspection, we determined that this website is fake. Like most sites of this kind, search-thrill.com cannot provide search results and redirects to a legitimate search engine. Typically, pages like search-thrill.com are promoted by browser hi
Our team has checked the site (inkairdrop.pages[.]dev) and determined that it is a scam website promoting a fake airdrop (cryptocurrency giveaway). It is created to trick users into believing that they can receive cryptocurrency for free. However, engaging in this scam can result in a significant
Stepadspoint[.]top is the address of a rogue webpage promoting browser notification spam and redirecting users to other (likely unreliable/malicious) sites. Most visitors access stepadspoint[.]top and similar pages through redirects generated by websites that utilize rogue advertising networks. O
We have reviewed this email and found that it is a fraudulent notification claiming to be from Microsoft. It is designed to trick recipients into believing they must "re-validate" their accounts and disclosing personal information on a fake site. Such emails are classified as phishing emails.
After inspecting this "Ethereum Events" website (cryptocurrency-events[.]com; other domains are possible), we determined that it is a scam. The page promises that eligible users will receive up to fifty thousand in rewards. This scam operates as a cryptocurrency drainer. It must be emphasized tha
Our team has reviewed WebTemplate and discovered that it produces intrusive ads and is flagged as malicious by several security vendors. As a result, we have categorized WebTemplate as adware. Users should not install such apps, as they pose potential privacy and security risks. If WebTemplate i
In our examination of LucKY_Gh0$t, we found that it is ransomware based on another ransomware known as Chaos. Upon infiltration, LucKY_Gh0$t encrypts and renames files, changes the desktop wallpaper, and drops the "read_it.txt" file (a ransom note). This ransomware appends four random characters (