Step-by-Step Malware Removal Instructions

Haedal Airdrop Scam
Phishing/Scam

Our researchers discovered this fake "Haedal Airdrop" while investigating untrustworthy websites. It masquerades as the Haedal platform (haedal.xyz). Victims are lured by this scam into exposing their cryptowallets to a cryptocurrency drainer with the promise of an airdrop. IMPORTANT NOTE: W

PowerLocker Ransomware
Ransomware

Our researchers discovered the PowerLocker ransomware while inspecting new file submissions to the VirusTotal site. Ransomware is a type of malware that encrypts the victim's files in order to demand ransoms for the decryption. After we executed a sample of PowerLocker on our test machine, it enc

Tageraplaby.co.in Ads
Notification Spam

We have analyzed tageraplaby.co[.]in and concluded that the purpose of this page is to deliver misleading notifications to users to promote other shady sites. Tageraplaby.co[.]in uses clickbait to trick visitors into allowing it to show notifications. Users should be careful when encountering such

Gremlin Stealer
Trojan

Gremlin is a stealer-type malicious program written in the C# programming language. This malware has been around since the early spring of 2025. Gremlin stealer targets a variety of sensitive data, including log-in credentials (usernames/passwords), credit card numbers, and cryptocurrency wallets.

Ghtlidings.co.in Ads
Notification Spam

We have examined ghtlidings.co[.]in and determined that it is a fraudulent website designed to deceive users into granting permission for notifications. Once notifications are enabled, the site sends misleading alerts and other deceptive messages. Thus, ghtlidings.co[.]in and similar sites should

TON Guard Scam
Phishing/Scam

During our analysis of the page (aml-cryptocheck[.]net), we uncovered that it is a fake web page masquerading as the original TON (ton.org) site. Scammers use the fraudulent page to lure unsuspecting visitors into performing actions that can lead to the loss of their cryptocurrency. IMPORTAN

CRFILE Ransomware
Ransomware

CRFILE is ransomware (belonging to the MedusaLocker family) that our team has discovered while examining malware samples submitted to VirusTotal. It is designed to lock files through encryption, append the ".CRFILE2" extension to files, and create a ransom note ("READ_NOTE.html"). An example of h

PIJSwap Voting Scam
Phishing/Scam

We have analyzed the site (vote-pijswap[.]co) and concluded that it is a scam web page designed to steal cryptocurrency holdings from unsuspecting individuals. Like most scams of this type, it promises participants rewards to lure them into taking harmful actions. Such sites should be avoided to p

Global Development & Financial Support Email Scam
Phishing/Scam

Our team has analyzed the email and determined that it is a scam impersonating the International Finance Corporation (IFC), a legitimate financial institution. The scammers behind it aim to trick recipients into revealing personal information (and possibly sending money). Such emails should be ign

Orbitinginsights.com Redirect
Browser Hijacker

During our inspection of orbitinginsights.com, we found that it is a fake search engine promoted through an extension known as Orbiting Insights. The promoting extension operates as a browser hijacker - it changes the settings of a web browser to force users to visit orbitinginsights.com.