While inspecting new file submissions to the VirusTotal platform, our researchers discovered the Robaj ransomware. After this malware was executed on our testing system, it encrypted files and dropped a ransom note – "readme.txt" – demanding payment for the decryption. The locked files had their
Upon closer inspection of the site (mage-airdrop-merlinchain[.]com), we identified that it is a deceptive website promoting a fake cryptocurrency giveaway (airdrop). This scam page is presented as the number one decentralized exchange in the Bitcoin ecosystem. Scammers use this website to steal cr
After inspecting this "Blaster Token ($BLSTR) Early Access" airdrop, we determined that it is a scam. This scheme was hosted on added-ones[.]info, and it claims to be distributing Blaster tokens (BLSTR). It operates as a cryptocurrency drainer that steals funds from compromised digital wallets. I
In the process of reviewing the malware, it became apparent that Tuborg is ransomware (not associated with the Tuborg Brewery in any way) designed to encrypt files. We discovered Tuborg ransomware while examining malware samples submitted to VirusTotal. In addition to encrypting files, Tuborg chan
During an analysis of the site (airdrop-doggotothemoon[.]xyz), it has come to our attention that it is a scam website promoting a fake Dog RuneStone airdrop (a cryptocurrency giveaway). The scammers behind this page aim to trick potential participants into believing they can receive free cryptocur
Our researchers found the mydotheblog[.]com rogue page while investigating untrustworthy websites. After inspecting it, we determined that this webpage promotes browser notification spam and redirects users to other (likely dubious/dangerous) sites. Users most commonly enter pages like mydotheblo
Upon examination, we determined that the "Quote For The Attached Products" email is spam. It is presented as a potential purchase inquiry that directs users into accessing a nonexistent attachment. The goal of the spam mail is to redirect recipients to a phishing website that targets log-in creden
After reading the "British American Tobacco Company Promotion" email, we determined that it is spam. The scam letter claims that the recipient was selected as a winner in a promotion supposedly held by the British American Tobacco company. It must be stressed that this prize is nonexistent, nor h
After investigating this "$SAFE Token Airdrop", as promoted on the blackpanther-claim[.]network webpage, we determined that it is a scam. It imitates the Safe platform (safe.global) running an airdrop with the goal of luring victims into exposing their digital wallets to a cryptocurrency drainer.
While inspecting unreliable sites, our researchers discovered the thaksaubie[.]com rogue webpage. It seeks to deceive users into allowing the delivery of spam browser notifications. Thaksaubie[.]com can also redirect users elsewhere (likely untrustworthy/dangerous websites). Most visitors stumble