While examining suspicious websites, our researchers discovered this fake "Atomic Wallet" page. It masquerades as the official site (atomicwallet.io). This is a phishing scam, i.e., the imitator webpage seeks to extract users' digital wallet log-in credentials. IMPORTANT NOTE: We do not revi
During a routine investigative session, our researchers discovered this fake Vulcan website (role-app[.]net; potentially others). It impersonates the official Vulcan site (vulcan.xyz) and encourages users to connect their digital wallets to receive a role and gain privileges. This scam operates as
CyberVolk BlackEye is a ransomware-type program. Malware of this kind is designed to encrypt files and demand payment for the decryption. On our test machine, CyberVolk BlackEye encrypted files and added a ".CyberVolk_BlackEye" to their names. To elaborate, a file initially named "1.jpg" appeared
Our team has examined the page (clearsee[.]top) and discovered that it uses a malicious tool to steal cryptocurrency. It is disguised as a crypto exchange to lure users into taking harmful actions. Thus, users should be careful when encountering such pages and avoid interacting with them. IM
EDDIESTEALER is a malicious program classed as a stealer. It is written in the Rust programming language. Stealers are designed to extract and exfiltrate vulnerable information from infected devices. EDDIESTEALER targets log-in credentials, cryptocurrency wallets, and other sensitive data.
Our analysis of the website (binaryxe[.]org) indicates that it is a fraudulent site created to deceive visitors into thinking they are on the legitimate (formerly BinaryX) platform, Four site. Its purpose is to steal cryptocurrency from unsuspecting individuals through a malicious tool. Thus, user
Chaos RAT is a remote access tool built using the Go programming language. It works on both Windows and Linux systems. Chaos RAT includes a control panel that lets attackers create malware payloads, manage active connections, and remotely control infected devices. If detected on a device, the RAT
Our inspection of the "Take Immediate Action" email revealed that it is spam. This message urges the recipient to verify their email to remove the restrictions placed in response to suspicious activity detected on the account. This spam mail aims to trick recipients into disclosing their log-in cr
Ololo is ransomware that we discovered while analyzing malware samples uploaded to VirusTotal. It is part of the MedusaLocker family and is designed to encrypt files. Also, Ololo appends the ".ololo" extension to files (e.g., renames "1.jpg" to "1.jpg.ololo" and "2.png" to "2.png.ololo") and drops
We have reviewed smartadsflow[.]top and concluded that it is a deceptive website designed to trick visitors into consenting to get its notification. The method this page uses to obtain this permission is known as clickbait. Usually, notifications from websites like smartadsflow[.]top contain misle