Step-by-Step Malware Removal Instructions

Claim Wrapped Bitcoin (WBTC) Scam
Phishing/Scam

We have inspected the website (ipfs.interface[.]social) and found that it mimics the original/official Wrapped Bitcoin (WBTC) website. As a lure, the fake site invites visitors to claim WBTC rewards. Its purpose is to trick unsuspecting users into taking actions that can lead to significant finan

Strawberry AI Vote Rewards Scam
Phishing/Scam

Our analysis of the site (allocate-strawberry[.]com) revealed it to be a fraudulent page posing as the legitimate Strawberry (usestrawberry.ai) platform. We also discovered that the site is designed to steal cryptocurrency from victims. It is strongly advisable to avoid visiting such sites and int

HSBC Fraud Victim Compensation Email Scam
Phishing/Scam

We have inspected the email and concluded that it is a scam. It is disguised as a letter from HSBC bank regarding compensation for fraud victims. Scam emails like this one are usually employed to trick recipients into transferring money and/or sending personal information to scammers. Recipi

Rans0m Resp0nse (R|R) Ransomware
Ransomware

Rans0m Resp0nse (R|R) is ransomware developed using leaked LockBit source code. It encrypts files, appends its extension (a random string of characters, e.g., ".RSN6Lzcyg"), and creates a ransom note ("[random_string].README.txt"). An example of how Rans0m Resp0nse (R|R) renames files: it chang

SOON NFT Mint Scam
Phishing/Scam

In our analysis of the site (airdrop.soonetwork[.]org), we uncovered that it is a deceptive web page masquerading as the official SOON (soo.network) platform. We also found that the purpose of the fake web page is to steal cryptocurrency from victims through a malicious tool. It is highly advisabl

$PEPU Staking Scam
Phishing/Scam

We found this fake "$PEPU Staking" website (pepu-sushi[.]top; possibly other domains) while investigating suspicious sites. It claims that a staking pool has been opened and offers huge rewards. The goal of this scam is to lure users into exposing their digital wallets to a cryptocurrency drainer.

SharePoint Meeting Document Email Scam
Phishing/Scam

After examining this "SharePoint Meeting Document" email, we determined that it is spam. This fake message is presented as a notification concerning a new meeting and a shared document. It must be stressed that this email is not associated with SharePoint. The purpose of this spam campaign is to s

HexaLocker Ransomware
Ransomware

HexaLocker is a malicious program classed as ransomware. It operates by encrypting data and demanding payment for the decryption. This ransomware renames the files it encrypts by adding a ".hexalocker" extension, e.g., a file titled "1.jpg" appears as "1.jpg.hexalocker", "2.png" as "2.png.hexalock

Crowq Utils Sol Unwanted Application
Potentially unwanted application

While investigating rogue websites, our researchers discovered an installer carrying the Crowq Utils Sol PUA (Potentially Unwanted Application). Upon analysis, we determined that Crowq Utils Sol acts as a dropper for the Legion Loader malware. However, it might be used to infiltrate other harmful

Standard Chartered Bank - Transfer Confirmation Email Scam
Phishing/Scam

After inspecting this "Standard Chartered Bank - Transfer Confirmation" email, we determined that it is fake. This phishing message is presented as a transaction notification from Standard Chartered, but it is in no way associated with this bank. This spam campaign targets recipients' email accoun