Our inspection of toqutor[.]com has revealed that the purpose of this web page is to lure visitors into agreeing to receive its notifications. This deceptive site uses clickbait to achieve this goal. Users should never allow pages like toqutor[.]com to show notifications and close them if encounte
We have examined the site (blockchainverified.vercel[.]app) and discovered that it promotes a fake cryptocurrency giveaway (airdrop). Our discovery of this fraudulent page occurred during the analysis of a deceptive email. Users should avoid visiting blockchainverified.vercel[.]app and similar sit
Our inspection of the email has shown that it is fraudulent. Scammers created it to trick recipients into sending them money and (or) personal information. It is disguised as a letter regarding a cargo and includes a financial offer. Whoever receives this email should ignore it to avoid financial
Our examination of the email has revealed that it is a phishing email. It is disguised as a letter regarding a shared folder and designed to lure recipients into opening a deceptive page (through the provided link) and entering personal information. Recipients should be careful when encountering s
We have discovered that it is a typical pop-up scam designed to trick visitors into taking certain actions. Usually, scammers behind scams like this one use scare tactics to achieve their goals. Users should avoid visiting such pages and close them if they encounter them to avoid potential negativ
We have tested the PrimeLookup browser extension and found that adding it results in browser hijacking. Usually, extensions of this type change the settings of web browsers to promote certain addresses. PrimeLookup hijacks web browsers to promote finditfasts.com, a fake search engine. Upon
VXUG is ransomware, which our team discovered during an inspection of samples submitted to VirusTotal. We found that VXUG is a variant of CryLock. Once infiltrated, it encrypts and renames files and creates a ransom note ("how_to_decrypt.hta"). VXUG appends an email address, a number, and a victim
Our analysis of the email has revealed that it is a fraudulent letter masquerading as a notification from MetaMask regarding wallet verification. The scammers behind this phishing scheme aim to lure unsuspecting recipients into disclosing personal information on a fake web page. Recipients should
While analyzing malware samples uploaded to the VirusTotal platform, we discovered Hawk, a ransomware variant designed to encrypt files. In addition to encrypting data, Hawk creates a ransom note ("#Recover-Files.txt") and appends the victim's ID, sup.logical@gmail.com email address, and the ".haw
PlayBoy LOCKER is ransomware designed to encrypt files and append the ".PLBOY" extrension to filenames. It also generates a text file ("INSTRUCTIONS.txt") containing a ransom note and changes the desktop wallpaper. An example of how PlayBoy LOCKER modifies filenames: it changes "1.jpg" to "1.jpg.P