While investigating deceptive sites, our researchers discovered the "Claim $REZ" scam. It was endorsed on renzoprotocal.pages[.]dev, but it could be hosted elsewhere. The scheme is presented as an airdrop. However, this "Claim $REZ" page functions as a cryptocurrency drainer. Victims of this scam
Vilsa is a malicious program classed as a stealer. As the class implies, this malware is designed to extract and exfiltrate vulnerable data from compromised machines. Most stealers target log-in credentials (usernames/passwords) of various accounts, personally identifiable information, and finance
Crystal Rans0m is ransomware developed in Rust programming language. During our analysis, we noticed that it not only encrypts files but also steals information. Unlike most ransomware variants, Crystal Rans0m does not append any extension to the encrypted files. The ransom note provided by this r
Our researchers discovered ladsmusic[.]com while browsing suspicious websites. This rogue page promotes spam browser notifications and redirects users to other (likely unreliable/hazardous) sites. The majority of visitors to ladsmusic[.]com and webpages akin to it access them through redirects ge
Zinionifeish[.]com is a rogue webpage found by our research team during a routine investigation of untrustworthy sites. Upon examination, we determined that this page promotes browser notification spam and redirects users to different (likely dubious/malicious) websites. Most visitors enter webpa
Our inspection of the "Internet Bank System" email revealed that it is spam. It notifies about a received payment. The goal of this spam mail is to lure recipients into visiting a phishing website that targets email account log-in credentials (passwords). The spam email with the subject "D
Our team has inspected this email and found that it is written by scammers who attempt to trick recipients into revealing their personal information. Emails of this type fall into the category of phishing emails. Recipients should be aware of phishing attempts and ignore them. This scam em
We have tested the Cork.app application and learned that it is designed to generate intrusive advertisements. Typically, apps that behave like Cork.app are classified as adware. It is important to mention that Cork.app is part of the Pirrit family and has been flagged as malicious by over twenty
We have inspected gettllingovert[.]info and concluded that the purpose of this page is to receive permission to show notifications. However, gettllingovert[.]info uses a deceptive method to obtain this permission. Typically, when such sites are allowed to send notifications, they bombard users wit
After inspecting this "$CATE Airdrop", promoted on claim-cateoneth[.]com (could be hosted elsewhere), is fake. The scam claims to be distributing the CATE token. In fact, it operates as a cryptocurrency drainer – by draining digital assets from victims' cryptowallets. IMPORTANT NOTE: We do n