SteelFox is a trojan – specifically, a malware bundle with its primary components including a data stealer and cryptocurrency miner. SteelFox infiltrates systems through a sophisticated infection chain. This trojan has been around since at least 2023, and it was noted being proliferated under the
Fake Virtuals Protocol website refers to a site imitating the Virtuals Protocol platform (virtuals.io). It is a scam that lures users into connecting their digital wallets to a cryptocurrency drainer. We found this scheme on app-virtual.pages[.]dev, but it could be promoted on other domains. Vict
Our team has tested the Advanced Ad Blocker extension and found that it can generate unwanted advertisements. Thus, we classified Advanced Ad Blocker as adware. Users often are tricked into installing adware on their computers or adding adware-type extensions to their browsers. It is advisable to
Frag ransomware is a type of malware designed to encrypt data and demand payment for the decryption. Files encrypted by this software have their names altered with a ".frag" extension that is added to them. For example, a file initially titled "1.jpg" becomes "1.jpg.frag", "2.png" – "2.png.frag",
ElizaRAT is a RAT (Remote Access Trojan) written in .NET. It is known that the malware used services like Slack, Telegram, and Google Drive for command-and-control (C2). Cybercriminals behind ElizaRAT can take control of infected computers and perform various malicious actions. Victims should elim
"$RIO Rewards" is a scam that mimics the Realio platform (realio.network). The fake page promises RIO rewards – the cryptocurrency and utility token of Realio Network – to users who register within 24 hours. Those who try to register on the imitator site expose their digital wallets to a cryptocur
During our inspection of the website (qnt-sushi[.]top), we found that it mimics the official Sushi page (sushi.com). The purpose of the fake site is to steal cryptocurrency holdings from unsuspecting individuals. Scammers behind the fraudulent page offer users rewards as a lure. This page should b
Winos4.0 is a malicious framework composed of multiple modules. Attackers can use such malware to carry out varied and multi-functional infections. Winos4.0 functions as a backdoor, a type of malware capable of causing further infections. The framework's capabilities are expanded through the intr
While browsing suspicious sites, our researchers discovered this fake "TRIAS Token Contract Swap" on newtriasmigrate[.]website (other domains are not unlikely). The scam imitates the official Trias site (trias.one), and attempts to lure users into exposing their digital wallets to a crypto draine
Our team has examined this email and found that it is intended to appear as a notification from an email service provider regarding account security. This is a phishing email crafted by scammers who aim to steal personal information from recipients. It is worth noting that there are two versions o