Step-by-Step Malware Removal Instructions

DOGEVERSE Pre-launch Scam
Phishing/Scam

After investigating the "DOGEVERSE Pre-launch", as promoted on appsclaim-dogeverse[.]com, we determined that it is a scam. It is an almost perfect visual copy of the Dogeverse ecosystem (thedogeverse[.]com). The fake site operates as a phishing scam and targets victims' cryptowallet log-in credent

Blockchain Rectification Scam
Phishing/Scam

Our team has examined the site (blockchainsynced.pages[.]dev) and discovered that it is a scam website posing as a platform offering a protocol for syncing various cryptocurrency wallets. On this scam page, individuals are instructed to connect their wallets, which can lead to the loss of their cr

DORRA Ransomware
Ransomware

While examining malware samples submitted to VirusTotal, we discovered a ransomware variant belonging to the Makop family known as DORRA. This ransomware is designed to prevent victims from accessing their files by encrypting them. Also, DORRA renames files and provides a ransom note ("+README-WAR

Nwsbstwrld.com Ads
Notification Spam

Our research team discovered the nwsbstwrld[.]com rogue page while browsing suspicious websites. After examining this webpage, we determined that it endorses browser notification spam and generates redirects to different (likely dubious/malicious) sites. Nwsbstwrld[.]com and pages akin to it are

e-Mail Support Center Scam
Phishing/Scam

After inspecting the "e-Mail Support Center" letter, we determined that it is spam. It promotes a phishing scam – the email makes false claims regarding the recipient's account password expiring soon in order to trick them into disclosing it. Thus, the scheme enables scammers to steal exposed emai

Word Online Extension Is Not Installed Scam
Phishing/Scam

"Word Online Extension Is Not Installed" is part of the campaign (known as ClickFix) utilized to infect victims' devices with the DarkGate malware. This scheme was observed being promoted via spam emails instructing recipients to open their HTML attachments. These files display fake pop-ups claim

RansomHub Ransomware
Ransomware

RansomHub is ransomware, a type of malware that encrypts files and provides victims with instructions on how to pay for their decryption. Additionally, RansomHub renames files by appending a string of random characters to filenames (e.g., it renames "1.jpg" to "1.jpg.9a311a" and "2.png" to "2.png.

Nexaapptwp.top Ads
Notification Spam

We have examined nexaapptwp[.]top and noticed that this page uses a clickbait technique (a deceptive method) to lure users into allowing it to display notifications. Additionally, nexaapptwp[.]top redirects visitors to other dubious websites. Therefore, users should avoid visiting nexaapptwp[.]top

TjboApp Unwanted Application
Potentially unwanted application

While investigating dubious websites, our researchers found the TjboApp PUA (Potentially Unwanted Application). Software within this category usually possesses undesirable or harmful capabilities. PUAs tend to infiltrate systems in bundles (i.e., packed together with other suspect software). This

Orbit Ransomware
Ransomware

Orbit is ransomware that our team discovered while inspecting samples submitted to VirusTotal. This ransomware encrypts and renames files (it appends a string of random characters, likely the victim's ID, and the ".orbit" extension). Also, Orbit generates a ransom note, the "README.TXT" file. An