HexaCrypt is ransomware designed to encrypt files. In addition to preventing access to files, HexaCrypt appends a string of random characters to files (changes their extension) and drops a ransom note "[random_string].READ_ME.txt". An example of how HexaCrypt renames files: it changes "1.jpg" to "
We have inspected hawarbarin.co[.]in and found that it uses a tactic known as clickbait to obtain permission to show notifications. If permitted, hawarbarin.co[.]in can show deceptive notifications designed to open unreliable websites. It is highly advisable not to trust hawarbarin.co[.]in and rej
Our researchers discovered this fake "Raydium Airdrop" site during a routine inspection of dubious websites. This page mimics the Raydium (raydium.io) platform. The imitator page promotes a cryptocurrency drainer that aims to siphon funds from exposed digital wallets. IMPORTANT NOTE: We do n
Our researchers discovered the "Apple Mac Security Center" technical support scam while investigating suspicious websites. The deceptive page claims to be associated with Apple and alerts the visitor of threats detected on their device. The goal is to trick victims into calling a fake support li
ResolverRAT is a malicious program classed as a Remote Access Trojan (RAT). Trojans of this kind are designed to enable remote access and control over infected machines. ResolverRAT has been used in campaigns targeting organizations worldwide. As of the time of writing, the latest campaign in Mar
Upon inspection, we determined that the "DOGE Compensation To Fraud Victims Worldwide" email is fake. This spam message claims to be from the US government offering compensation to fraud victims worldwide. This phishing mail targets recipients' personal information and may request payment at a lat
PetyaX is a ransomware designed to encrypt data and demand payment for the decryption. This malware renames the files that it alters. Original filenames are appended with a ".petyax" extension, e.g., a file initially titled "1.jpg" becomes "1.jpg.petyax", "2.png" – "2.png.petyax", etc. Afterward,
We have inspected the Heizer Kroop Sortic application and found that it contains malicious components, such as Legion Loader. The app itself has no clear purpose and is distributed using shady methods. For these reasons, users should avoid installing Heizer Kroop Sortic and uninstall it from compu
While investigating suspicious sites, our researchers discovered fripolonishnity.co[.]in – it is a rogue page that promotes browser notification spam and redirects users to other (likely untrustworthy/hazardous) websites. Most visitors to fripolonishnity.co[.]in and similar webpages access them th
We have inspected the website (claim.dexenetwork[.]click) and discovered that it mimics the original DeXe Protocol site (dexe.network). The fake web page is designed to trick individuals into taking steps that could lead to cryptocurrency theft. It should not be trusted and should be closed if eve