SHAVELP**SY (censored) is ransomware our team discovered while analyzing malware samples uploaded to VirusTotal. We found that it encrypts files, appends the ".p**sylikeashavel@cyberfear.com" extension to filenames, and creates a ransom note ("README_SHAVEL.txt"). An example of how SHAVELP**SY mo
While inspecting samples submitted to VirusTotal, we discovered R2Cheats, a ransomware variant that encrypts files and appends "_R2Cheats" to filenames. It also provides a ransom note ("ransom_note.txt"). An example of how R2Cheats renames files: it changes "1.jpg" to "1.jpg_R2Cheats", "2.png" to
Our researchers discovered this fake "LINGO Airdrop" during a routine investigation. The scam entices users into exposing their wallets to a cryptocurrency drainer. Victims of this scheme experience financial loss. It must be stressed that this bogus airdrop is not associated with the actual Lingo
Our researchers found the safetydefender[.]top rogue page while inspecting dubious websites. After examining this webpage, we determined that it promotes browser notification spam and generates redirects to different (likely unreliable/dangerous) sites. Safetydefender[.]top and similar pages are
While investigating suspicious sites, our research team discovered this fake "Trust Wallet Airdrop". The scam imitates the official Trust Wallet website – trustwallet.com; not only in appearance but also with its URL – claiming-trustwallet[.]com (other domains are possible). It must be emphasized
PXA stealer is a type of malware designed to steal vulnerable information. This malicious program is written in the Python programming language. PXA stealer targets various log-in credentials, credit card numbers, cryptowallets, and other sensitive data. It is known that the cyber criminals behin
"Fake BitPay Wallet" refers to a scam that masquerades as the official website of BitPay (bitpay.com) – a cryptocurrency payment service provider. The fake page claims that 1.824 BTC (Bitcoin cryptocurrency) is pending transfer to the user's wallet. The goal is to deceive the victim into paying a
Glove is an information stealer written in .NET. It is capable of harvesting sensitive information from browsers (including added extensions) and software installed on computers. Threat actors have been observed distributing Glove stealer through deceptive emails. Infected computers should be scan
Thi-tl is a series of domains with different numbers in their URLs. We discovered the purpose of these pages is to trick visitors into permitting them to show notifications. When on thi-tl sites, users are presented with a misleading message (or messages). Pages that use deception to obtain permis
While investigating new malware submissions to VirusTotal, our researchers discovered the Biobio ransomware. It is a variant of the Kasper ransomware. Programs of this kind encrypt data and demand ransoms for its decryption. On our test machine, Biobio (Kasper) ransomware encrypted files and modi