"NEIRO Register" is a scam promoted on register-neirocoin[.]app (note that other domains are likely). It promises rewards for users who register within the next 24 hours, likely in the form of free NEIRO memecoins. This scheme is a crypto drainer that steals cryptocurrency from victims' digital wa
While investigating deceptive websites, our research team found the "Claim $METIS" scam page. This scheme was discovered on decentralized-worlds.pages[.]dev, but it could be hosted elsewhere. It is a fake airdrop supposedly distributing METIS tokens. The scam functions as a cryptocurrency drainer
Our team has examined this email and concluded that it is a phishing email. Scammers use such emails to trick unsuspecting recipients into disclosing personal information. In this particular case, scammers pretend to be a company named NET Registry to extract information from recipients. It is hig
During our inspection of app-methprotocol[.]co, we discovered that it is a fraudulent website designed to trick visitors into taking steps that could lead to financial loss. Such sites often use convincing designs to appear legitimate. The deceptive site in question is disguised as a cryptocurrenc
Ajina (also known as Mamont) is a banking Trojan targeting Android users. It is known for stealing financial information and two-factor authentication (2FA) messages. Ajina is distributed by disguising it as legitimate banking and other apps. Cybercriminals behind Ajina have been observed targetin
While browsing suspicious websites, our researchers discovered the stonecoremason[.]top rogue page. It promotes browser notification spam and redirects visitors to other (likely dubious/malicious) sites. Users most commonly enter webpages like stonecoremason[.]top via redirects caused by websites
After inspecting the "Someone Used Your Webmail Password" email, we determined that it is spam. This mail is promoting a phishing scam that targets email log-in credentials by claiming that an unrecognized sign-in attempt was blocked. The spam email with the subject "Mailbox Unusual Sign-i
While inspecting a deceptive download page, our researchers discovered a rogue installer carrying the GxuApp PUA (Potentially Unwanted Application). Programs within this category typically possess harmful functionalities. PUAs are often bundled with other suspicious software, and the GxuApp insta
Our research team discovered the ZAKI ESCOVINDA ransomware during a routine investigation of new file submissions to the VirusTotal platform. This malicious program belongs to the Chaos ransomware family. ZAKI ESCOVINDA encrypts data and demands payment for the decryption. On our test machine, th
Our researchers discovered the SmartSearch browser hijacker while analyzing a rogue installation setup. SmartSearch modifies browser settings to produce redirects to promoted websites. This browser extension is also considered a privacy threat, as software within this classification typically spie