Mergeconnection.co[.]in is a rogue webpage discovered by our research team during a routine investigation of suspicious sites. This page promotes browser notification spam and redirects users to other (likely untrustworthy/malicious) websites. Most visitors access mergeconnection.co[.]in and simi
After inspecting this "IMAP/POP Certificate Validation" email, we learned that it is spam. This fake alert claims that the email certificate cannot be validated because the recipient has not provided the relevant information. This spam mail lures users into visiting a phishing website that targets
While browsing suspicious sites, our researchers discovered the "DApp Rectification" scam. It is presented as a website for rectifying various cryptocurrency wallet issues. However, instead of providing the advertised services, this scam operates as a crypto drainer – it siphons digital assets fro
During our analysis of StealthGuard, we found that it is promoted as a secure browser offering users private browsing. However, we also discovered the browser is distributed using not only an official but also a suspicious website. This suggests that StealthGuard may exhibit characteristics of an
We have inspected the site and discovered that it presents a fake warning and requests permission to show notifications. If granted permission, scanprotects[.]com can deliver deceptive notifications designed to open potentially malicious websites. Therefore, scanprotects[.]com should not be truste
Our researchers discovered the "Fine For Visiting Pornographic Websites" scam during a routine investigative session of deceptive websites. We found three variants; more are not unlikely. The known versions targeted users in the United Arab Emirates, Saudi Arabia, and India. The scheme claims tha
Our examination revealed that this email masquerades as a notification regarding a mailbox error from an email service provider. It is created to lure recipients into opening a fake website and revealing personal information. Users should avoid responding to such emails or opening links (or files)
Our inspection of the website (stakings-hyperfoundation[.]com) has revealed that it is designed to appear like the original site (hyperfoundation.org). Scammers behind the deceptive page aim to trick individuals into taking steps that can result in the loss of cryptocurrency holdings. Thus, the pa
Our researchers found the Clone ransomware during a routine inspection of new submissions to the VirusTotal website. This malicious program belongs to the Dharma ransomware family. It is designed to encrypt files and demand ransoms for the decryption. On our testing machine, Clone modified files
D0glun is a ransomware-type virus. It aims to encrypt victims' files in order to demand ransoms for the decryption. On our test machine, D0glun encrypted files and altered their names. Initial filenames were appended with an extension following this pattern – ".@D0glun@[original_extension]"; e.g.