BabbleLoader is a malicious program classified as a loader. It is designed to cause further infection by downloading/installing additional malware onto systems. BabbleLoader has been noted infiltrating stealers into compromised devices. This loader uses a variety of sophisticated detection and ana
After examining this "Ledger Recovery Phrase Verification" email, we learned that it is fake. This message falsely claims that the Ledger cryptocurrency wallet service has experienced a data breach, during which the log-in credentials of some cryptowallets might have been exposed. Hence, the reci
We have examined chautcheestub[.]com and found that it displays deceptive content and wants to show notifications. Usually, notifications from sites like chautcheestub[.]com are utilized to promote various scams and other fraudulent schemes. Thus, chautcheestub[.]com should be avoided. Cha
WezRat is malware written in C++. Cybercriminals use it to steal information and perform other malicious activities. The malware has been active for over a year, with evolving modules and infrastructure. The latest version of WezRat was observed being distributed through deceptive emails.
Our research team found the bestsecretvideos[.]online rogue page while investigating dubious websites. After inspecting this webpage, we learned that it endorses browser notification spam and redirects users to different (likely untrustworthy/hazardous) sites. Most visitors access bestsecretvideo
During our inspection of columnstoodth[.]com, we found that this page uses clickbait to obtain permission to show notifications. If allowed, columnstoodth[.]com can send deceptive notifications. Therefore, users are advised not to trust columnstoodth[.]com (avoid visiting the page and granting it
While investigating deceptive websites, our researchers discovered this fake "$PAW Token Exchange". It was endorsed on claims-pawfury[.]app (potentially on other domains). Regardless of any similarities to existing projects, platforms, and entities – this scam is not associated with any of them. T
SHAVELP**SY (censored) is ransomware our team discovered while analyzing malware samples uploaded to VirusTotal. We found that it encrypts files, appends the ".p**sylikeashavel@cyberfear.com" extension to filenames, and creates a ransom note ("README_SHAVEL.txt"). An example of how SHAVELP**SY mo
While inspecting samples submitted to VirusTotal, we discovered R2Cheats, a ransomware variant that encrypts files and appends "_R2Cheats" to filenames. It also provides a ransom note ("ransom_note.txt"). An example of how R2Cheats renames files: it changes "1.jpg" to "1.jpg_R2Cheats", "2.png" to
Our researchers discovered this fake "LINGO Airdrop" during a routine investigation. The scam entices users into exposing their wallets to a cryptocurrency drainer. Victims of this scheme experience financial loss. It must be stressed that this bogus airdrop is not associated with the actual Lingo