BLASSA is a malicious program categorized as ransomware. Malware of this kind operates by encrypting data and demanding ransoms for its decryption. After we executed a sample of BLASSA on our test machine, it encrypted files and added a ".blassa" extension to their filenames. For example, a file
Our team has inspected withbtrads[.]top and learned that this website cannot be trusted. It displays deceptive content (uses a clickbait technique) to obtain permission to show notifications. Typically, when users agree to receive notifications from such pages, they are bombarded with fake warning
CrypticSociety is ransomware designed to encrypt files. It is identical to another ransomware variant known as Blue. In addition to encrypting files, CrypticSociety renames them and provides a ransom note ("#HowToRecover.txt"). It replaces the names of encrypted files with a random string and appe
This "CARV Airdrop" is fake. We found this scam on carv-quests.pages[.]dev, but it could be hosted elsewhere. It is disguised as the CARV platform (carv.io) running an airdrop. Users lured into connecting their digital wallets to this scheme expose them to a cryptocurrency drainer. IMPORTANT
While inspecting clickbtrads[.]top, we found that this page uses clickbait to obtain permission to show notifications. Sites that use deceptive techniques to obtain this permission usually deliver misleading notifications. Therefore, it is important to avoid visiting clickbtrads[.]top and acceptin
ZipLOCK is ransomware that, unlike most malware of this type, does not encrypt files. It puts the victim's files into a password-protected ZIP file. Also, ZipLOCK creates a ransom note ("[ZipLOCK]INSTRUCTIONS.txt") and renames archived files by prepending "[ZipLOCK]" and appending ".zip". For exa
Our examination of the page (worldscoins-claims.pages.dev) reveals that it is a scam website aimed at stealing cryptocurrency from unsuspecting users. The site imitates world[.]org (the real website) to mislead visitors. This and similar sites should be recognized as scams and avoided. IMPOR
While examining the MAVIA Registration site (register-mavia[.]app), we discovered that it is a fraudulent page posing as the real site (mavia[.]com). The purpose of the fake page is to trick visitors into "registering" and stealing their cryptocurrency. Thus, it is highly advisable to avoid sites
While inspecting suspect websites, our researchers discovered the diddylliker[.]com rogue page. After investigating it, we learned that this webpage endorses browser notification spam and generates redirects to different (likely dubious/malicious) sites. Users primarily enter pages like diddyllik
Our researchers discovered this fake "OPTIMISM Airdrop" promoted on optimismclaim.pages[.]dev (could be hosted elsewhere). The scam imitates the Optimism network (optimism.io) running an airdrop. Instead of distributing tokens, this scheme functions as a cryptocurrency drainer. Victims of this hoa