While investigating untrustworthy sites, our researchers discovered this fake "$TURBO" webpage (turbotoken[.]io; possibly others). Users who try to participate in this bogus airdrop expose their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated wit
Our researchers discovered quicknetshift.co[.]in while browsing suspect websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Most users access quicknetshift.co[.]in and webpages ak
TransferLoader is a malware loader that the attackers have used since at least February 2025. It consists of several components: a downloader, a backdoor, and a separate module designed to deploy the backdoor. Cybercriminals have been observed using TransferLoader to deploy ransomware. If detected
Retrorevivesearch.com is a fake search engine our researchers discovered while analyzing the Retro Revive browser hijacker. This extension is supposedly designed to create a retro aesthetic for new browser tabs. Browser hijackers promote these webpages by modifying browser settings. It is notewort
Recipio is promoted as a browser extension (or add-on) that helps users find recipes online by narrowing search results to cooking-related content, making it easier to discover meal ideas, detailed recipes, and step-by-step instructions without unrelated distractions. However, our analysis shows t
Desolator is a malicious program classed as ransomware. It is designed to encrypt files and demand payment for the decryption. After we executed a sample of Desolator on our test machine, it encrypted files and added a ".desolated" extension to their names. For example, a file originally named "1
We have analysed calenital.co[.]in and concluded that this is a deceptive website designed to obtain permission to show notifications through clickbait. Once allowed, calenital.co[.]in can bombard users with fake warnings and other messages designed to direct them to other untrustworthy sites and
We found that laracismas.co[.]in is designed to manipulate users into clicking “Allow” on a browser prompt that allows the site to show notifications. Once this permission is granted, the site sends misleading alerts and similar messages that can lead users to unsafe websites. Thus, laracismas.co[
Our inspection of the site (wallets.syncappfix[.]info) has shown that it is a deceptive web page designed to trick visitors into taking actions that would lead to the theft of personal details. Falling for this scam can cause monetary loss. Therefore, it is essential to thoroughly check cryptocurr
Our researchers discovered pphouse3[.]fun while investigating dubious websites. Upon examination, we determined that this rogue webpage promotes scams and browser notification spam. It can also redirect users to other (likely untrustworthy and/or dangerous) sites. Most visitors to pphouse3[.]fun