NBLock Black is ransomware that our team has discovered during an examination of malware samples uploaded to VirusTotal. Our analysis shows that NBLock Black encrypts files and modifies filenames. It changes filenames to a random string and appends a random extension. For example, it tenames "1.jp
Our investigation of gitlawb[.]info found that this page imitates the legitimate gitlawb platform (gitlawb.com) and runs a fake voting rewards campaign. The site claims that participants who vote on a rewards distribution date will receive a 1.25x boost to their "claiming power." In reality, it is
We have analysed the site (claim-kaio[.]xyz) and concluded that it poses as the original KAIO website (kaio.xyz) and promotes a fake cryptocurrency airdrop. Its purpose is to deceive visitors into taking actions leading to the theft of their cryptocurrency holdings. This scam page should be ignore
While investigating suspicious websites, our researchers came across pendle-governance[.]app, a page impersonating the Pendle Finance platform. The site promotes a fake community voting event, claiming users who participate will receive a bonus $PENDLE token allocation. This is a fraudulent page d
Our team has examined the site (reward-dexscreener[.]com) and found that it is designed to mimic the original platform, known as DEX Screener (dexscreener.com). The fraudulent website offers rewards as a lure. However, the goal is to trick visitors into taking actions that can result in the theft
We have reviewed the message and found that it is a deceptive message disguised as a payment report. The fraudsters behind it seek to trick recipients into opening shady websites through the provided link. Whoever receives this email should ignore and delete it to avoid potential risks. Th
We have inspected the message and concluded that it is a scam email disguised as a notification from the cloud service provider. It urges recipients to take immediate action to "save" their files. The scammers behind this message seek to trick recipients into opening fake websites and following th
NodeCordRAT is a type of malware (a Remote Access Trojan, or RAT) that is distributed by hiding it inside fake npm packages. The RAT uses Discord as a communication channel and enables cybercriminals to control infected devices remotely. It is used mainly to steal information from web browsers and
While examining suspicious websites, our researchers came across claiming-campaign[.]com, a fraudulent page posing as the official Aave platform. The site falsely claims that users affected by a recent Aave attack can now recover their lost assets by connecting their wallet. In reality, it is a cr
CloudZ is a remote access Trojan (RAT). It uses a custom plugin to steal credentials and potentially capture one-time passwords (OTPs). CloudZ also avoids detection by running malicious functions in system memory and checking for debuggers and sandbox environments. The RAT should be removed from i