Lockis is ransomware from the GlobeImposter family. We discovered it while inspecting malware samples submitted to VirusTotal. During our examination, we found that Lockis encrypts files and appends the ".lockis" extension to them. It also creates a text file ("how_to_back_files.html") containing
We examined the website (infrared-finance[.]pro) and discovered that it is a clone of the Infrared site, infrared.finance. It is a fraudulent website created to steal cryptocurrency from users' wallets. To avoid losing funds, users should steer clear of this and other unofficial copies. IMPO
We have inspected the website (gensyn-token[.]network) and found that it is a copy of the original Gensyn page, gensyn.ai. It is a scam website designed to drain wallets (steal cryptocurrency from unsuspecting users). This and similar unofficial pages should be avoided to prevent cryptocurrency th
Upon examining tapverge[.]com, we found that the site uses a deceptive technique to trick visitors into accepting its notifications. If permission is given, tapverge[.]com can display fake warnings, offers, and similar messages. Its notifications can expose users to scams and other threats. Thus,
Our analysis has revealed that nonfliestortic[.]com uses clickbait to trick visitors into granting it permission to display notifications. If allowed, nonfliestortic[.]com can bombard users with fake warnings and other deceptive messages. The ultimate goal is to promote potentially malicious conte
Our review of amishessage[.]com shows that it is an untrustworthy website that relies on clickbait tactics to persuade visitors to allow browser notifications. Once permission is granted, amishessage[.]com can push fake alerts and similar deceptive messages designed to direct users to questionable
Our team has inspected the email and concluded that it is a phishing attempt. This message claims that the recipient has received shared documents. It provides a link to a fake website designed to harvest personal information. Victims of this scam may have their accounts hijacked. Thus, it is high
Our inspection has revealed that airdrop.vooooi[.]xyz is a scam website designed to promote a fake cryptocurrency giveaway. It is disguised as the original VOOI site (vooi.io) to appear legitimate. The scammers behind it aim to steal cryptocurrency from unsuspecting visitors. This page should not
We have checked this email and found that it encourages recipients to review an invoice. However, this is a scam, as no invoice is included in this email, and the provided link leads to a fake website designed to steal information. Emails of this type are classified as phishing attempts and should
GachiLoader is a malicious program written in Node.js. This malware is classed as a loader – it is designed to download/install additional malicious programs onto compromised systems. GachiLoader has been distributed through a campaign leveraging compromised YouTube accounts. In this campaign, the