While inspecting Darkadventurer, we found that it is a ransomware variant based on Chaos ransomware. Darkadventurer encrypts files, appends random extensions to filenames, changes the desktop wallpaper, and drops a ransom note ("read_it.txt" file). An example of how it renames files: it changes "1
Our researchers discovered this fake "$MPEPE PRESALE" while investigating dubious websites. The scam site is supposedly running a presale event for the Mpeppe (MPEPE) memecoin. Instead, it operates as a phishing scam and targets cryptowallet log-in credentials. IMPORTANT NOTE: We do not revi
We found this fake "Unichain Rewards" site – unichain-quest[.]com – (could be hosted elsewhere) while investigating deceptive websites. This scam promises rewards for bridging. Instead of granting any benefits, this fraudulent webpage facilities a crypto drainer. Basically, the scheme steals digit
While investigating suspicious websites, our researchers discovered the "MANTRA Registration" scam (mainnet-mantra[.]trade; could be hosted elsewhere). The scheme promises various rewards for registration, and when users attempt to register – they expose their digital wallets to a cryptocurrency d
We have analyzed this email and learned that it is a scam. It is disguised as a notification from Capital One Financial Corporation and contains a file designed to open a fake document containing a phishing form. The purpose of this scam email is to trick recipients into disclosing personal inform
Upon examination, we determined that this "Tether Giveaway" is fake. When users attempt to claim the Tether cryptocurrency (USDT) supposedly distributed by this scam, they unintentionally expose their digital wallets to a crypto drainer. Victims of this scheme experience financial loss. IMP
Our analysis of amazonflow[.]top has revealed that the purpose of this site is to obtain permission to send notifications through clickbait. Once allowed, amazonflow[.]top can deliver a variety of misleading notifications. Users should avoid visiting amazonflow[.]top and never agree to receive not
ZoomFind is an extension classed as a browser hijacker. It was discovered in an installation setup promoted by a deceptive webpage, which was endorsed via redirect by a Torrenting site that uses rogue advertising networks. ZoomFind alters browser settings to push (through redirects) fake search e
During our inspection of claim-moonbag-org.pages[.]dev, we found that it is a web page promoting a MoonBag coin ($MBAG) presale. However, further analysis has shown that this website is fraudulent. It is owned by scammers who seek to steal cryptocurrency from victims. Therefore, claim-moonbag-org.
Our analysis of datingdreamer[.]top has shown that the goal of this web page is to receive permission from visitors to send them notifications. This site uses clickbait to obtain this permission. If allowed, datingdreamer[.]top can bombard users with annoying and deceptive warnings, alerts, and ot