Step-by-Step Malware Removal Instructions

Scrypt Ransomware
Ransomware

While investigating new file submissions to the VirusTotal platform, our research team discovered Scrypt ransomware. Its purpose is to encrypt files and demand payment for their decryption. On our testing system, this ransomware encrypted files and appended their filenames with a ".scrypt" extens

Hedgies Giveaway Scam
Phishing/Scam

During our examination of nft-hedgies[.]com, we discovered that it is a scam website pretending to be a cryptocurrency airdrop (giveaway) launched by Hedgies (hedgies[.]wtf). Scammers behind nft-hedgies[.]com aim to lure potential participants into performing actions allowing scammers to steal cry

Vehu Ransomware
Ransomware

Vehu is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Our findings are that Vehu belongs to the Djvu family, encrypts files, appends the ".vehu" extension to filenames, and provides a ransom note ("_README.txt"). It is worth noting that ransomware from the D

Paaa Ransomware
Ransomware

Paaa is a ransomware variant from the Djvu family. We discovered Paaa during our analysis of samples submitted to the VirusTotal site. This ransomware uses encryption to prevent victims from accessing their files. Additionally, it appends the ".paaa" extension to filenames and drops the "!!!README

Vepi Ransomware
Ransomware

Vepi is a ransomware variant belonging to the Djvu family. Our discovery of Vepi occurred during inspection of malware samples submitted to VirusTotal. Upon infiltration, Vepi encrypts files and appends the ".vepi" extension to filenames. It also provides a ransom note ("_readme.txt"). An example

Myxioslive.com Ads
Notification Spam

Our research team found the myxioslive[.]com page while browsing dubious websites. This rogue webpage endorses browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Users primarily access pages like myxioslive[.]com via redirects caused by websites util

Claim $ROCKY Scam
Phishing/Scam

"Claim $ROCKY" refers to a fake website supposedly distributing the Rocky token. We found this scam promoted on rockybased[.]com, yet it could also be hosted elsewhere. "Claim $ROCKY" operates as a cryptocurrency drainer that steals digital assets from victims' cryptowallets. It must be emphasized

Artrade #RWA Scam
Phishing/Scam

After examining an "Artrade #RWA" webpage, we determined that it is fake. The page – distribution-artrade[.]app – hosts a crypto drainer scam (note that it could be hosted on other domains). It imitates Artrade (artrade.app) – however, the scam is not associated with this or any other existing pl

NAVI Claim Scam
Phishing/Scam

After examining the naviprotocol[.]net page, we have determined that it is a copy of naviprotocol[.]io. The intention behind naviprotocol[.]net is to mislead visitors into taking actions that could result in the theft of their cryptocurrency holdings. In conclusion, naviprotocol[.]net is an untrus

Claim Your AVAIL Rewards Scam
Phishing/Scam

After inspecting this "Claim Your AVAIL Rewards" airdrop, we determined that it is fake. The scheme imitates the Avail network (availproject.org) running a giveaway. This scam – availprojectorg[.]xyz (could be hosted elsewhere) – operates as a cryptocurrency drainer. It steals funds from compromis