During our examination of the Wormhole malware, we discovered that it operates as ransomware: its purpose is to encrypt files and demand ransom for file decryption. In addition to encrypting files, Wormhole appends its extension (".Wormhole") to filenames and provides a ransom note ("How to recove
We have inspected the fraudulent Ice token distribution site (giveaway-ice[.]io) and found that its purpose is to steal cryptocurrency from unsuspecting individuals. The fake website (giveaway-ice[.]io) masquerades as the real Ice Open Network page (ice[.]io) to trick users into participating in a
Lovelypush[.]club is a rogue page discovered by our researchers during a routine inspection of suspicious websites. Upon examination, we determined that lovelypush[.]club promotes browser notification spam and redirects users to different (likely dubious/malicious) sites. Most visitors to webpage
After examining the "Salary Increase" email, we determined that it is spam. This phishing mail targets email account log-in credentials. The lure used to trick recipients into disclosing this information is a fake document sent by their HR regarding a salary increase. The spam email with t
Upon inspection, we determined that this "Polyhedra Network $ZK Airdrop" is fake. This cryptocurrency giveaway promoted on polyhedra[.]ltd is merely a lure, and it is not associated with either the Polyhedra Network or zkBridge. This scheme impersonates the aforementioned platform and protocol. Y
We have examined this email and discovered that it is a scam email masquerading as a letter regarding a large amount of money that has been supposedly stolen from the recipient. The intent of the scammers behind this email is to deceive the recipient into divulging personal information and (or) tr
Our researchers found the mysrverav[.]com page during a routine investigation of dubious websites. This rogue webpage promotes deceptive content and browser notification spam. It can also redirect visitors elsewhere (likely untrustworthy/dangerous sites). Pages like mysrverav[.]com are most commo
"LightLink Wallet Connect" (as hosted on lightlink-x[.]com) is a scam that perfectly imitates the LightLink blockchain platform. The imitator operates as a cryptocurrency drainer that empties funds from victims' digital wallets. It must be emphasized that the fake website is not associated with L
After we inspected the "Internet Is A Dangerous Place" email, it became evident that this is a sextortion scam. This bogus letter claims that the recipient's devices were infected, and the infection proliferated to their contacts and family. This unauthorized and illegal access was used to collect
Upon thorough examination, we have determined that this email embodies the characteristics of a classic sextortion scam. These scams typically involve cybercriminals threatening to expose sensitive or compromising information about the recipient unless a ransom is paid. Recipients should disregard