Green Blood is ransomware that we have discovered during our inspection of malware samples uploaded to VirusTotal. Once a system is infected, Green Blood encrypts files and appends the ".tgbg" extension to them (e.g., it renames "1.jpg" to "1.jpg.tgbg", "2.png" to "2.png.tgbg", and so forth). The
We have discovered PurpleCrypt0r while examining samples submitted to VirusTotal. Our analysis shows that PurpleCrypt0r is ransomware that encrypts files, appends the ".purple" extension to files, changes the desktop wallpaper, and creates the "readme.txt" file (a ransom note). An example of how
We reviewed the website (zrealsupercoin[.]live) and found that it is a scam. It falsely claims that visitors can join a cryptocurrency airdrop. The fraudsters behind it are trying to steal funds from crypto wallets, so engaging with this site could lead to serious financial loss. IMPORTANT N
We have concluded that it is a phishing email masquerading as an important message delivery notice from the email service provider. The email includes a link to a deceptive website that instructs visitors to provide personal information. Any details entered on that site are sent to scammers. Thus,
Our analysis has revealed that it is a scam email posing as a notification regarding an account verification. It is designed to appear urgent and important to trick recipients into opening the provided link. The ultimate goal is to steal personal information through a fake website. Recipients shou
GhostChat is an Android malware disguised as a chat platform (a dating app). It is designed to steal information from the infected devices. It seems that the cybercriminals behind GhostChat primarily target users in Pakistan. If detected on the device, GhostChat should be removed as soon as possib
Our researchers discovered the "Trust Wallet - Blue Moon Crypto Giveaway" scam while investigating untrustworthy websites. It impersonates the official site of Trust Wallet (trustwallet.com) and promotes a fake Blue Moon token giveaway. This is a phishing scam targeting cryptocurrency wallet log-i
After inspecting this "Voyage Travels & Tours Reservation" email, we determined that it is spam. This message queries the recipient on whether the reservation is an "all-inclusive package" or "half board". The purpose of this spam campaign is to infect recipients' devices with malware.
Our research team discovered kravonexta[.]com while browsing suspicious websites. This rogue page endorses browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Kravonexta[.]com and webpages akin to it are primarily accessed through redirects produced b
While investigating untrustworthy sites, our researchers discovered this fake "Raydium Staking" webpage. The purpose of this Raydium imitator is to deceive users into exposing their digital wallets to a cryptocurrency drainer – a mechanism designed to steal funds from exposed cryptowallets.