We discovered the "$W Token Distribution" scam, as endorsed on whitelistworm.pages[.]dev (note that it could be hosted elsewhere), during a routine inspection of untrustworthy websites. While the scheme presents users with an opportunity to receive W tokens, it functions as a crypto drainer. The
This "$PEPU Presale" is a scam. It is presented as a presale event for a memecoin. However, this fake site promotes a phishing scam targeting digital wallet log-in credentials. Victims of this scheme risk having their wallets hijacked and the funds stored therein – stolen. IMPORTANT NOTE: We
While browsing suspect websites, our researchers discovered this fake "Wallet Guard" page (walletguard-a6b.pages[.]dev; could be hosted elsewhere). It is disguised as a free tool for detecting various crypto-centered scams, including drainers. Instead of providing these services, the bogus webpag
Evidence Of Child Pornography ransomware is a type of malware designed to encrypt the victim's files. Also, this ransomware provides two ransom notes ("READ ME !.txt" and "[username]_GUI.html") and appends a random extension to filenames. For example, it renames "1.jpg" to "1.jpg.d3prU", "2.png" t
Our research team discovered strognethipst[.]com while investigating untrustworthy sites. This rogue webpage promotes browser notification spam and generates redirects to different (likely dubious/malicious) websites. Pages like strognethipst[.]com are most commonly accessed via redirects caused
While investigating suspect sites, our researchers discovered this fake "GetFit Mining" webpage – getfitmining.pages[.]dev (note that this scam could also be hosted on other domains). It is presented as a blockchain platform that offers users various rewards and purchase opportunities. This schem
Upon examining thoabsoul[.]com, we concluded that it is an untrustworthy website hosting a fraudulent survey. Also, thoabsoul[.]com aims to receive permission to send notifications to devices. Users should not grant sites like thoabsoul[.]com permission to show notifications and avoid visiting the
Our team has inspected srmadsmebook[.]org and discovered that it is one of the numerous websites designed to trick visitors into agreeing to receive their notifications. Once visited, srmadsmebook[.]org presents misleading content to lure visitors into permitting it to show notifications.
During an examination of malware samples uploaded to VirusTotal, our team discovered a ransomware variant known as Moon. This ransomware encrypts files and renames them by appending a string of various characters and the ".moon" extension to filenames. Also, Moon drops a ransom note named "README.
We have inspected protectedscans[.]com and found it to be a misleading website. On protectedscans[.]com, visitors are presented with a fake warning and a request to show notifications. Websites like protectedscans[.]com should never be visited or allowed to send notifications. Protectedsca