Our researchers discovered the "Microsoft Windows Locked Due To Unusual Activity" technical support scam while investigating suspicious websites. This scheme masquerades as Microsoft's website warning visitors of system infections. The goal is to deceive victims into calling the fake support line
Our team has analyzed this email and learned that it is deceptive. It is disguised as a notification from an organization regarding employment benefits. Scammers behind this email seek to steal personal information from recipients. Such emails are known as phishing attempts, and recipients should
FIOI is ransomware belonging to the Makop family. Our team discovered this variant during examination of samples submitted to VirusTotal. We found that FIOI encrypts files and appends the ".FIOI" extension (along with a string of random characters and an email address). Also, it changes the deskto
During our inspection of the site (sandbox-game-airdrop.pages[.]dev), we found that it is a fake website mimicking the real one (sandbox[.]game). The fraudulent page is created by scammers who seek to steal funds (cryptocurrency) from unsuspecting individuals. Therefore, it is important not to int
We have examined this email and found that it is crafted to trick recipients into believing they can receive a large sum of money for cooperation. Schemes like this one are known as inheritance scams. Typically, fraudsters behind them try to extract money and (or) personal information from unsuspe
SingleCamper is an updated version of the RomCom RAT. SingleCamper was spotted being used as the primary implant in certain attacks carried out by threat actors. In these attacks, SingleCamper is responsible for executing all malicious post-compromise actions. It is loaded directly from the regist
While browsing suspicious websites, our researchers discovered this "SquidGrow Migration Claim" scam endorsed on squidgrow-claim.pages[.]dev (note that it could be hosted elsewhere). This fake page imitates the SquidGrow platform (squidgrow.wtf) and functions as a cryptocurrency drainer. IMP
During our inspection, we could not determine what exactly the RoxiApp application does. However, we discovered that it installs alongside other unwanted components, and multiple security vendors have flagged the installer distributing RoxiApp as malicious. Therefore, users should avoid installing
REVRAC is a malicious program that encrypts data and demands ransoms for its decryption. Due to this behavior, this software is classed as ransomware. On our testing system, REVRAC encrypted files and altered their filenames. Original titles were appended with a unique ID assigned to the victim a
This is a scam imitating the Swell Network (swellnetwork.io). It lures victims with a bogus cryptocurrency airdrop. This fake website operates as a cryptocurrency drainer. Victims of the "SWELL Airdrop" scheme cannot recover the stolen digital assets. IMPORTANT NOTE: We do not review crypto