Prinz Eugen is ransomware written in the Go programming language and first publicly documented by ThreatDown; our team also examined samples submitted to VirusTotal. It encrypts files and appends a .prinzeugen extension to every affected filename, making them impossible to open. On our test machi
During our investigation of suspicious websites, we examined tkstio.pages[.]dev and found it promotes a fake cryptocurrency airdrop for $TKST tokens. The site is designed to trick visitors into connecting their cryptocurrency wallets, which activates a drainer that silently moves funds to the scam
We have examined this email and determined it is a phishing scam. The message is disguised as an urgent security notice from the recipient's email service provider, falsely claiming that their password is about to expire. Its goal is to lure recipients into clicking fraudulent links that lead to a
We have examined this email and determined that it is a phishing scam. The message falsely claims that recipients must validate their cryptocurrency wallets to unlock financial benefits and exclusive rewards. Its actual purpose is to lure victims into visiting a fraudulent website and surrendering
We have inspected this email and determined it is a phishing scam. The message is disguised as an official billing notice from Zoho Workplace, falsely claiming the recipient's payment method failed and that services will be suspended unless billing details are updated immediately. This email shoul
During our investigation of suspicious websites, we analyzed ton-keeper.pages[.]dev and found that it promotes a fake Tonkeeper airdrop. The site impersonates the official Tonkeeper wallet platform and is designed to deceive visitors into connecting their wallets, activating a drainer that steals
While investigating suspicious websites, our researchers came across governance-arc[.]com - a page imitating the official Arc blockchain platform. It promotes a fake "Community Rewards Proposal," asking visitors to vote on the timing of the next rewards distribution. The real purpose of this site
While investigating dubious websites, our researchers examined etherfi-wc26[.]com and found it to be a fraudulent page impersonating the ether.fi Cash platform. The site promotes a fake World Cup 2026 voting rewards campaign and operates as a cryptocurrency drainer targeting visitors' wallets.
During our investigation of genesispool[.]org, we found that this site promotes a fake Ethereum token airdrop. The page falsely claims to distribute 12.5 million tokens to early community members. In reality, it is a fraudulent website designed to steal cryptocurrency by harvesting wallet recovery
We have examined this email and determined it is a scam. It impersonates a LinkedIn business notification, falsely claiming that a contact has sent a purchase inquiry. The aim is to lure recipients into a credential-harvesting page. This email should be deleted without engaging with any part of it