In our analysis of the Outer Space application, we identified characteristics typical of a browser hijacker. Once added, Outer Space alters the browser settings to promote a particular web address. Alongside browser hijacking, Outer Space may collect browsing-related and other pertinent informatio
Ether.fi is a legitimate decentralized platform offering a non-custodial delegated staking protocol. Unfortunately, scammers have been exploiting its reputation by creating fraudulent ether.fi websites. These fake platforms lure users into fake giveaways with the aim of stealing cryptocurrency fro
In our analysis of the news-muwako[.]com website, we determined that its primary objective is to obtain permission to display notifications using a clickbait technique. We discovered that news-muwako[.]com showcases deceptive content to coax visitors into granting this permission. Additionally, th
While checking out suspect pages, our researchers discovered gluxouvauque[.]com. After inspecting this rogue webpage, we learned that it endorses browser notification spam and generates redirects to different (likely unreliable/hazardous) sites. Most users enter gluxouvauque[.]com and pages akin
While investigating untrustworthy websites, our research team discovered the Wild Life browser extension. This piece of software promises to display nature-themed browser wallpapers. However, Wild Life makes changes to browser settings in order to endorse (via redirects) the ucfmyquest.com fake s
This "X World Games Airdrop" is a scam. It imitates the legitimate X World Games Web3-type blockchain gaming platform. The scheme claims that eligible users can participate in an XWG token and NFT (Non-Fungible Token) airdrop. However, once a digital wallet is exposed to this scam – a cryptocurren
This "Pacmoon Airdrop" is fake. This scam claims to give a 10% Pacmoon (PAC) token bonus for those who join the project. However, once a user connects their digital wallet to it, the scam begins operating as a cryptocurrency drainer. This scheme has been observed being promoted via posts on the X
Hitobito (also known as Kage No Hitobito) is a ransomware-type program. It operates by encrypting files and demanding payment for the decryption. On our test machine, Hitobito encrypted files and added a ".hitobito" extension to their filenames. For example, a file originally named "1.jpg" appear
Resultsearch.net is the address of a rogue webpage classed as a fake search engine. Sites within this classification cannot generate search results and tend to redirect to legitimate Internet search websites. Usually, these pages collect visitor data. Fake search engines are promoted by browser h
VCURMS is a remote administration Trojan (RAT) that cybercriminals store on public services such as Amazon Web Services (AWS) and GitHub. This method allows the Trojan to conceal its presence and activities from security measures, making it more challenging to detect and remove from infected syste