During our assessment of malware samples uploaded to VirusTotal, it was discerned that Afire is ransomware designed to prevent victims from accessing files by encrypting them. Also, Afire renames files by appending the ".afire" extension to filenames and provides a ransom note ("Restore.txt"). An
Upon our analysis, we discovered that the Unrented.app application is linked to the Pirrit adware family, meaning its purpose is to display intrusive advertisements to users. Moreover, there is a potential concern regarding Unrented.app accessing and gathering various user data. Thus, users shou
Upon investigation of mrbeastgive[.]com, it became evident that it is a fraudulent cryptocurrency exchange platform. Scammers developed mrbeastgive[.]com with the intention of deceiving unsuspecting individuals into depositing their cryptocurrency and potentially disclosing personal information, w
Nevofex[.]com is a fraudulent website crafted by scammers with the intention of deceiving unsuspecting individuals into transferring them cryptocurrency and potentially divulging personal information. Sites like nevofex[.]com often employ various tactics, such as fake promises or misleading offers
Bitsowex[.]com is a scam website created by cybercriminals who aim to lure unsuspecting individuals into sending them money and possibly providing personal info. It is crucial for users to exercise caution and skepticism when encountering such websites to avoid falling victim to scams and safeguar
Our researchers discovered titaniumveinshaper[.]com while investigating suspicious websites. This rogue page has several appearances; it is designed to promote browser notification spam and redirect users to other (likely dubious/malicious) sites. Webpages like titaniumveinshaper[.]com are most c
Finderssearching.com is the address of a fake search engine discovered by our research team promoted through a rogue installer, which was pushed by a deceptive webpage. Illegitimate search engines usually cannot provide search results and collect visitor data. In most cases, these websites are end
While inspecting new submissions to the VirusTotal platform, our researchers found a ransomware-type program named Locked. It belongs to the MedusaLocker ransomware family. This malware encrypts data and demands ransoms for its decryption. After we launched a sample of Locked (MedusaLocker) ranso
Tokenely[.]com is a scam website claiming to be Europe's top crypto trading platform. It also depicts imagery associated with the Tesla multinational automotive and clean energy company. The goal of this scam is to deceive victims into transferring cryptocurrency to scammers. It might also record
The bitxspark[.]com website is a fake cryptocurrency trading platform. This scam site steals victims' deposits by tricking them into transferring the funds to cryptowallets owned by scammers. Bitxspark[.]com might also operate as a phishing page that records log-in credentials. As mentione