While browsing suspicious websites, our researchers found this fake "Wojak" airdrop. Upon further inspection, we determined that this deceptive page operates as a cryptocurrency drainer. Essentially, this scam steals funds from compromised digital wallets. IMPORTANT NOTE: We do not review cr
Our researchers found the prochainedge[.]com rogue page while investigating suspicious websites. It operates by promoting browser notification spam and redirecting users to different (likely unreliable/harmful) sites. Most users access prochainedge[.]com and similar webpages via redirects caused b
While browsing suspicious websites, our researchers discovered this fake "OpenChat ($CHAT) Token" airdrop. The webpage impersonates OpenChat's official website (oc.app) and promotes an airdrop of the CHAT token. The purpose of this scam is to deceive visitors into exposing their digital wallets to
Our researchers discovered this fake "Xmas Cult (XMAS)" airdrop while investigating deceptive websites. Upon examination, we determined that this scam operates as a cryptocurrency drainer. It seeks to steal the digital assets stored in victims' cryptowallets. IMPORTANT NOTE: We do not review
After inspecting this "Security Alert: Unsuccessful Login On A New Device" email, we determined that it is fake. This message informs the recipient of an unsuccessful sign-in attempt to their email account. If they do not recognize this activity, they are urged to take immediate action. The goal i
Our inspection of the website (eligibility-humidifi[.]org) has revealed that it mimics the original HumidiFi site (humidifi.xyz). The fraudulent copy is operated by scammers who aim to steal cryptocurrency from victims. This scam page should be avoided to prevent financial loss. IMPORTANT NO
While browsing new submissions to the VirusTotal website, our researchers discovered the XEX ransomware. This malware is designed to encrypt data and demand payment for the decryption. After the XEX malware was executed on our testing system, it encrypted files. Yet, unlike most ransomware-type p
Our analysis shows that rettonomper[.]com uses clickbait to convince visitors to accept its notifications. Allowing rettonomper[.]com to show notifications can result in getting fake warnings, offers, and other deceptive messages designed to promote potentially malicious websites. Overall, this we
We have inspected the Frenesis Nexus malware and found that it operates as ransomware. Our team came accross this ransomware during an examination of samples submitted to VirusTotal. Once Frenesis Nexus is executed, it encrypts files and appends its extension (".frenesis") to files. For instance,
Our analysis shows that DEVMAN 21 is ransomware designed to encrypt files. We discovered it while inspecting samples uploaded to VirusTotal. Once executed, DEVMAN 21 not only encrypts data, but it also appends its extension (".devman21") to files and drops a text file ("!!!_README_!!!.txt") contai