While investigating suspect sites, our researchers discovered the traversol.co[.]in rogue page. After inspecting this webpage, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy/hazardous) websites. The majority of visitors enter traversol
While browsing suspicious websites, our researchers discovered the "Seedify Regstration" scam. It imitates the Seedify website (seedify.fund). The scheme operates as a cryptocurrency drainer and steals funds from exposed digital wallets. It must be emphasized that this scam is not associated with
"Claim SatoshiDEX (SATX)" is a scam that is almost a perfect visual copy of SatoshiDEX (satoshidex.ai). Upon inspection, we determined that this fake page (satoshidex-ai[.]org and potentially others) is a cryptocurrency drainer. The scheme lures users into exposing their digital wallets to steal t
We have inspected this email and learned that its purpose is to extract personal information from recipients. Emails of this type are classified as phishing emails. This particular email is disguised as a letter regarding a change in the payroll report status to appear legitimate and lure recipien
"Aethir ($ATH) Allocation" is a scam imitating the Aethir platform (aethir.com). This scheme entices users to inadvertently expose their digital wallets to a crypto drainer by promoting an allocation increase of ATH cryptocurrency. Victims of this scam experience financial loss. IMPORTANT NO
UnicornSpy is malware used to steal sensitive information. Cybercriminals have been observed using UnicornSpy to target energy companies, factories, and suppliers (and developers) of electronic components. The channel used for the distribution of this malware is email. However, threat actors may a
We have inspected guardflares.com and discovered that it is a fake search engine. We also found that guardflares.com is promoted through a variety of browser hijackers, such as SpeedyLook, SearchNinja, BlazeSearch and many other. Search engines promoted through such extensions should not be truste
Ymir is a ransomware-type program. It operates by encrypting files (using ChaCha20 cryptographic algorithm) and demanding ransoms for the decryption. The filenames of files locked by Ymir are altered by being appended with an extension comprising a random character string. For example, a file ini
Our examination of SpeedyLook has revealed that it is an unreliable browser extension designed to hijack a web browser by changing its settings. This extension forces users to visit guardflares.com. Additionally, SpeedyLook enables the "Managed by your organization" setting (in Chrome browsers).
We have analysed this email and found that it is a scam email designed to appear like a notification from an email service provider. This email contains a link to a phishing website designed to steal personal information. Recipients should ignore such emails and know how to recognize them.