DoubleTrouble is a banking Trojan targeting Android users. It is capable of stealing various information using different techniques. DoubleTrouble was initially spread via phishing sites mimicking major European banks, but now is delivered using fake websites hosting malware directly on Discord ch
While inspecting suspicious sites, our research team discovered this fake "Centric" website. It imitates the official site of the Centric dual-token cryptocurrency (centric.com). The purpose of this scam is to trick users into exposing their digital wallets to a cryptocurrency drainer. IMPOR
During our examination of claim.naoriprotocol[.]xyz, we found that it is a fraudulent website. It mimics the original Naoris Protocol website (naorisprotocol.com) to trick visitors into connecting their wallets. The ultimate goal is to steal cryptocurrency from users. IMPORTANT NOTE: We do n
We have analysed the site and found that it uses a misleading method to get permission to show notifications. If allowed, getrondure24[.]com can deliver messages containing fake alerts, offers, and similar content with links to unreliable websites. Users should not visit getrondure24[.]com or allo
Glsadvertising[.]com is a rogue webpage designed to promote browser notifications spam and generate redirects to different (likely dubious/malicious) sites. Most visitors access pages like glsadvertising[.]com via redirects caused by websites utilizing rogue advertising networks. In fact, our res
Our research team discovered the globalfondsblog[.]com rogue page while browsing dubious websites. After inspecting this webpage, we learned that it promotes browser notification spam and redirects users to different (likely unreliable/hazardous) sites. Globalfondsblog[.]com and analogous pages a
We have inspected glsfreeads[.]com and found that it is a fraudulent site designed to manipulate users into enabling notifications through clickbait. If allowed, the site can deliver false alerts and similar messages aimed at directing users to potentially dangerous websites. Thus, glsfreeads[.]co
NoBackups is ransomware our team discovered while examining malware samples uploaded to VirusTotal. Our analysis shows that NoBackups encrypts files, appends the victim's ID and ".nobackups" extension to them, and generates a ransom note ("README.TXT"). An example of how NoBackups changes the nam
Our analysis of galeritintite[.]com has revealed that it is a deceptive website that wants to show notifications and uses clickbait to obtain permission to do so. If allowed, galeritintite[.]com can send fake warnings and other misleading notifications to promote potentially malicious sites.
We have inspected the website (nuralabs.pages[.]dev) and found that it mimics the original Nura Labs page (nura.gg). The fake site includes a malicious tool allowing scammers to steal crypto. Thus, interacting with it can lead to significant financial loss. Users should avoid the fake NuraLabs sit