Vehu is ransomware that we discovered while examining malware samples uploaded to VirusTotal. Our findings are that Vehu belongs to the Djvu family, encrypts files, appends the ".vehu" extension to filenames, and provides a ransom note ("_README.txt"). It is worth noting that ransomware from the D
Paaa is a ransomware variant from the Djvu family. We discovered Paaa during our analysis of samples submitted to the VirusTotal site. This ransomware uses encryption to prevent victims from accessing their files. Additionally, it appends the ".paaa" extension to filenames and drops the "!!!README
Vepi is a ransomware variant belonging to the Djvu family. Our discovery of Vepi occurred during inspection of malware samples submitted to VirusTotal. Upon infiltration, Vepi encrypts files and appends the ".vepi" extension to filenames. It also provides a ransom note ("_readme.txt"). An example
Our research team found the myxioslive[.]com page while browsing dubious websites. This rogue webpage endorses browser notification spam and generates redirects to other (likely untrustworthy/dangerous) sites. Users primarily access pages like myxioslive[.]com via redirects caused by websites util
"Claim $ROCKY" refers to a fake website supposedly distributing the Rocky token. We found this scam promoted on rockybased[.]com, yet it could also be hosted elsewhere. "Claim $ROCKY" operates as a cryptocurrency drainer that steals digital assets from victims' cryptowallets. It must be emphasized
After examining an "Artrade #RWA" webpage, we determined that it is fake. The page – distribution-artrade[.]app – hosts a crypto drainer scam (note that it could be hosted on other domains). It imitates Artrade (artrade.app) – however, the scam is not associated with this or any other existing pl
After examining the naviprotocol[.]net page, we have determined that it is a copy of naviprotocol[.]io. The intention behind naviprotocol[.]net is to mislead visitors into taking actions that could result in the theft of their cryptocurrency holdings. In conclusion, naviprotocol[.]net is an untrus
After inspecting this "Claim Your AVAIL Rewards" airdrop, we determined that it is fake. The scheme imitates the Avail network (availproject.org) running a giveaway. This scam – availprojectorg[.]xyz (could be hosted elsewhere) – operates as a cryptocurrency drainer. It steals funds from compromis
We have inspected the claim.scotttytheai[.]org page and discovered that it is a copy of scottytheai[.]com. The purpose of claim.scotttytheai[.]org is to deceive visitors into performing actions leading to the theft of their cryptocurrency holdings. Overall, claim.scotttytheai[.]org is a scam websi
After investigating this "LiquidEther Airdrop", we determined that it is fake. We found several webpages hosting this scam. It promises rewards to eligible users, and when they attempt to claim the gift – they are prompted to connect their digital wallets. This scheme operates as a cryptocurrency