During our inspection of the MagnaEngine browser extension, we found that it operates as a browser hijacker. This extension hijacks a browser by changing its settings. The purpose of MagnaEngine is to promote a fake search engine. Also, MagnaEngine enables the "Managed by your organization" featur
While inspecting new submissions to the VirusTotal platform, our research team discovered a malicious program named IRIS. It is based on the Chaos ransomware. IRIS encrypts files and demands payment for their decryption. On our testing system, this ransomware locked files and appended their filen
After thoroughly examining the website (blockdag[.]services), we have confirmed it to be a fraudulent imitation of the official BlockDAG Network website. The creators of this deceptive page intend to steal digital assets (cryptocurrency) from unsuspecting victims. Consequently, it is strongly advi
During our inspection, we discovered that Rincrypt 2.0 is ransomware based on Chaos ransomware. We discovered Rincrypt 2.0 while inspecting malware samples submitted to VirusTotal. This ransomware appends four random characters to the names of encrypted files, changes the desktop wallpaper, and cr
"Claim Ethena" is a scam presented as the official Ethena website. Users are lured into "connecting" their digital wallets by a promise of being able to claim the ENA (Ethena) cryptocurrency. Instead, the scheme triggers a crypto drainer that can steal funds out of exposed wallets. The "Cl
Our researchers discovered the Total Audio Formatter app while investigating a P2P sharing (Torrenting) site that uses rogue advertising networks. It is a Potentially Unwanted Application (PUA). Software within this classification often has harmful capabilities. Additionally, installers like the
"AVG - Your PC Is Infected With 18 Viruses" is a scam that our research team discovered while browsing dubious websites. It claims that the user's device is infected with multiple threats. The scheme's goal is to deceive users into downloading/installing the promoted software. This scam pe
"STEPN ALPHA EVENT" is a scam that impersonates the STEPN platform (stepn.com). When users attempt to register on the fraudulent website, they are deceived into exposing their digital wallets to a cryptocurrency drainer. This scheme imitates the STEPN NFT-based platform that incorporates g
SHARPIL is a type of remote access Trojan (RAT) that allows unauthorized users to gain remote control over a victim's computer. Once infiltrated, RATs enable attackers to execute various malicious actions on infected systems, such as stealing sensitive data, installing additional malware, taking s
During our evaluation, it has become evident that the MOBY Project (launchmoby[.]com) is a fraudulent scheme posing as a genuine platform for cryptocurrency investment, staking, and other related activities. Scammers use the MOBY Project site to steal cryptocurrency from victims. Thus, users shoul