Step-by-Step Malware Removal Instructions

Trezor Security Update Scam
Phishing/Scam

Trezor Security Update Scam

While browsing dubious websites, our researchers discovered this fake "Trezor Security Update" page. It impersonates the official website of the Trezor wallet (trezor.io) and claims that users must undertake a critical update. This is a phishing scam that targets cryptocurrency wallet log-in crede

Fake Gasspas (GASS) Website Scam
Phishing/Scam

Fake Gasspas (GASS) Website Scam

This fake "Gasspas (GASS)" page (gasspas-vip.web[.]app; possibly other domains) is an almost perfect visual copy of the official Gasspas website (gasspas.vip). This imitator webpage promotes a cryptocurrency drainer, which is designed to siphon funds from exposed digital wallets. It must be stress

CryptoNex ETH Voucher Scam
Phishing/Scam

CryptoNex ETH Voucher Scam

We have inspected the page (walletsuppport[.]com) and discovered that it is a fake crypto analytics platform. The scammers behind it offer crypto vouchers to lure users into connecting their wallets. Their goal is to steal cryptocurrency from unsuspecting individuals. Thus, this site should be avo

707 Ransomware
Ransomware

707 Ransomware

Our researchers found the 707 ransomware while investigating new submissions to the VirusTotal website. Malware of this kind encrypts data and demands payment for the decryption. On our test machine, 707 encrypted files and appended their names with a ".707" extension. For example, a file origina

Davixnaro.co.in Ads
Notification Spam

Davixnaro.co.in Ads

We have inspected davixnaro.co[.]in and found it to be deceptive. It is designed to rick visitors into accepting push notifications. Once enabled, davixnaro.co[.]in can send fake alerts and similar messages to trick users into opening other (potentially malicious) websites. Thus, davixnaro.co[.]in

CyberHazard Ransomware
Ransomware

CyberHazard Ransomware

CyberHazard is ransomware from the MedusaLocker family. We discovered it while examining malware samples submitted to VirusTotal. Our analysis shows that CyberHazard encrypts files and appends the ".cyberhazard" extension to them. For example, it changes "1.jpg" to "1.jpg.cyberhazard" and "2.png"

Claim Your Solana (SOL) Back Scam
Phishing/Scam

Claim Your Solana (SOL) Back Scam

We have reviewed the site (refundyoursol[.]io) and concluded that its purpose is to steal cryptocurrency. Like most similar scams, this page offers users the chance to receive free crypto. It is important to recognize such scams and never interact with them to avoid cryptocurrency theft. IMP

Osaka Protocol ($OSAK) Reward Distribution Scam
Phishing/Scam

Osaka Protocol ($OSAK) Reward Distribution Scam

Our team has analysed the website (allocations-osaka[.]com) and found that it offers users the opportunity to receive rewards to lure them into taking actions that can lead to the theft of their cryptocurrency. This scam page mimics the original Osaka Protocol site to appear legitimate. IMPO

Lido Finance Airdrop Scam
Phishing/Scam

Lido Finance Airdrop Scam

We have analysed the website (app.ldo-steth[.]com) and discovered that it is a scam. This page mimics the original Lido platform (lido.fi) to trick visitors into connecting their wallets. Victims of this scam can have their cryptocurrency stolen. Thus, this fraudulent page should not be trusted an

$ERA Airdrop Scam
Phishing/Scam

$ERA Airdrop Scam

Our research team discovered this fake "$ERA" airdrop while investigating suspicious sites. When users attempt to check their eligibility for the bogus airdrop, they expose their digital wallet to a cryptocurrency drainer. It must be stressed that, regardless of any similarities, this scam is not