Step-by-Step Malware Removal Instructions

IRS Crypto Scam
Phishing/Scam

After inspecting "IRS Crypto", we determined that it is a scam. It imitates the IRS (Internal Revenue Service); specifically, it is presented as a portal for handling taxes on cryptocurrency. When users connect their digital wallets to this fake website, it begins operating as a crypto drainer. E

World Wide Web Unwanted Application
Potentially unwanted application

This app named "World Wide Web" is a PUA (Potentially Unwanted Application). Software within this classification typically possesses undesirable and even harmful functionalities. The installer we discovered promoting the World Wide Web application included other suspicious software. It is notewor

Laxsearch.com Redirect
Browser Hijacker

Laxsearch.com is the address of a fake search engine endorsed by the Lax Search browser hijacker. It makes modifications to browser settings in order to generate redirects to the laxsearch.com site. It is likely that Lax Search also spies on users' browsing activity. Lax Search makes alter

Universal Browser Unwanted Application
Potentially unwanted application

After examining the Universal Browser app, its actual purpose remained unclear, although the app's name suggests that it is a web browser. It is important to note that multiple security vendors flagged both the installer distributing Universal Browser and the app itself as malicious. Thus, users s

Jirin.app Adware (Mac)
Mac Virus

Our examination of Jirin.app has revealed that it is one of the many adware-type apps belonging to the Pirrit family. The purpose of this program is to deliver intrusive and potentially misleading advertisements to users. Thus, Jirin.app should be uninstalled from devices. Jiri

Alladvertisingdomclub.club Ads
Notification Spam

Upon examining alladvertisingdomclub[.]club, we concluded that the purpose of this page is to deceive unsuspecting visitors into allowing it to show notifications. Also, alladvertisingdomclub[.]club can redirect users to other web pages. Overall, alladvertisingdomclub[.]club is an unreliable websi

Scrypt Ransomware
Ransomware

While investigating new file submissions to the VirusTotal platform, our research team discovered Scrypt ransomware. Its purpose is to encrypt files and demand payment for their decryption. On our testing system, this ransomware encrypted files and appended their filenames with a ".scrypt" extens

Hedgies Giveaway Scam
Phishing/Scam

During our examination of nft-hedgies[.]com, we discovered that it is a scam website pretending to be a cryptocurrency airdrop (giveaway) launched by Hedgies (hedgies[.]wtf). Scammers behind nft-hedgies[.]com aim to lure potential participants into performing actions allowing scammers to steal cry

Vehu Ransomware
Ransomware

Vehu is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Our findings are that Vehu belongs to the Djvu family, encrypts files, appends the ".vehu" extension to filenames, and provides a ransom note ("_README.txt"). It is worth noting that ransomware from the D

Paaa Ransomware
Ransomware

Paaa is a ransomware variant from the Djvu family. We discovered Paaa during our analysis of samples submitted to the VirusTotal site. This ransomware uses encryption to prevent victims from accessing their files. Additionally, it appends the ".paaa" extension to filenames and drops the "!!!README