Qeza is a ransomware variant from the Djvu family that we discovered during an analysis of samples submitted to VirusTotal. Ransomware is a type of malware that encrypts files and demands payment for their decryption. In addition to encrypting files, Qeza appends its extension (".qeza") to filenam
During our examination of the claim-hyperliquid[.]xyz site, we found that this page promotes a cryptocurrency airdrop. However, further analysis revealed that claim-hyperliquid[.]xyz is a fake page masquerading as a legitimate cryptocurrency trading platform (hyperliquid[.]xyz). This deceptive sit
After examining a website offering gifts for the Valorant video game, we determined that it is fake. The scam states that users can claim one thousand Radianite points for free. This fake giveaway operates as a phishing scam and targets Valorant account log-in credentials. It must be stressed tha
After inspecting the "Klaytn ($KLAY) Airdrop", as promoted on klay-foundation[.]com, we determined that it is fake. The scheme imitates the Klaytn platform (klaytn.foundation). This fraudulent airdrop is used to lure users into exposing their digital wallets to a crypto drainer. Hence, victims of
After reading the "Your System Has Been Cracked" email, we determined that it is spam promoting a sextortion scam. This letter falsely claims that the recipient's device was hacked by the sender and used to record a compromising video. The recording will be sent to the recipient's contact lists if
We have examined this email and found that it is a scam email disguised as a notification from an email service provider regarding a mailbox update. This scam email contains a link to a fake website designed to extract personal information. Anyone who receives this or a similar email should refrai
While browsing questionable websites, our researchers found the girlzsportteam[.]top rogue page. After inspecting it, we determined that this webpage pushes spam browser notifications and redirects to different (likely unreliable or hazardous) sites. Visitors to girlzsportteam[.]top and similar p
After examining the "Wells Fargo - Account Verification Required" email, we determined that it is fake. This spam letter warns that the recipient risks having their bank account suspended if they do not renew their information. This deceptive mail aims to steal victims' online banking accounts thr
Our analysis of the claim.debridgefinace[.]com site revealed that it is a fake website, a copy of the legitimate debridge[.]finance web page. We found that scammers use claim.debridgefinace[.]com to drain their victims' cryptocurrency wallets. Thus, claim.debridgefinace[.]com and similar fake plat
Hotsearch.io is the address of a fake search engine. We found this page promoted by the HotSearch browser extension. It operates as a browser hijacker, i.e., modifies browser settings to generate redirects to the hotsearch.io site. HotSearch was installed on our test machine by a rogue installati