While analyzing new submissions to VirusTotal, our research team discovered the AttackFiles malicious program. It belongs to the MedusaLocker ransomware family. Software within this category is designed to encrypt files in order to demand ransoms for their decryption. When we launched a sample of
In our investigation of the website, we found it to be a phishing site posing as trezor[.]io. This scam platform aims to deceive users into divulging personal information with the intention of stealing cryptocurrency wallets and draining funds. Therefore, users should refrain from providing any in
$EBC is ransomware designed to prevent victims from accessing files. Upon infiltration, $EBC encrypts files, appends the ".$EBC" extension to filenames, and displays a full-screen ransom note. An example of how $EBC modifies filenames: it changes "1.jpg" to "1.jpg.$EBC", "2.png" to "2.png.$EBC", a
Our analysis uncovered evidence that the Creso Rewards site is operating as a fraudulent entity, presenting itself as an authentic platform (creso[.]io). This deceptive mimicry indicates that the scam is designed to exploit the credibility and reputation of the legitimate Creso platform to deceive
Upon our examination, we discovered that the SAGA airdrop (giveaway) is a scam. It is orchestrated by scammers who seek to deceive individuals into believing they can obtain free cryptocurrency. However, their true intention is to steal cryptocurrency from unsuspecting victims. Thus, this SAGA air
After analyzing cosmicnewspulse[.]com, we have concluded that it is an untrustworthy website employing clickbait tactics to coax visitors into enabling notifications. Additionally, we found that cosmicnewspulse[.]com has the potential to redirect users to other questionable websites. Therefore, it
While reviewing file submissions to the VirusTotal website, our research team discovered the AgentLocator application. Upon examination, we determined that it is adware. This app is part of the AdLoad malware family. Advertising-supported software generates revenue for its developers through ad
The "Solana Mobile" scam mimics the official Solana subsidiary's website of the same name. It lures users into exposing their cryptowallets to a drainer. These types of scams are intended to pilfer cryptocurrency from victims' wallets. This scheme imitates the legitimate website of Solana
"Claim $PRCL" refers to scam websites mimicking official Parcl-related platforms. These sites offer PRCL tokens in bogus airdrops, allocations, giveaways, or presale events. The scam aims to trick users into exposing their digital wallets to a cryptocurrency drainer designed to empty them of fund
XploitSPY is an Android-specific malware. This program is based on the L3MON RAT (Remote Access Trojan). XploitSPY has extensive data-stealing functionalities and has been observed infiltrating devices bundled with various legitimate-looking applications. This malware has been around since at lea