ScoringMathTea is a Remote Access Trojan (RAT) written in the C++ programming language. It is a sophisticated malicious program with an emphasis on stealth and evasion of detection. RATs are designed to enable remote access/control over compromised machines. ScoringMathTea has been developed and i
Alwayssecuredsearch.com is a fake search engine that cannot provide search results. We discovered this website while analyzing the "Always Secured powered by Yahoo" browser hijacker. However, it could be promoted by other browser hijackers. Typically, browser-hijacking software (such as "A
We have examined learnassistsearch.com and determined that it is a fake search engine. It is distributed through a browser hijacker known as Learn Assist. Using learnassistsearch.com or Learn Assist can compromise privacy and security. Therefore, they should be avoided and removed if found on a br
We have tested service.webshieldhub.com and found that it is a bogus search engine. Moreover, it is promoted through a browser hijacker called Web Shield for Chrome. Using service.webshieldhub.com and Web Shield for Chrome can cause privacy and security issues. Thus, they should be avoided and sho
While investigating dubious sites, our research team discovered this fake "USDC Token Distribution" webpage. This scam claims to be distributing USDC cryptocurrency. Its goal is to lure victims into connecting their digital wallets to a cryptocurrency drainer. IMPORTANT NOTE: We do not revie
Our team has discovered that this is a scam website designed to trick visitors into revealing sensitive information. It is disguised as a DeFi Protocol platform to appear legitimate. Falling for this scam can result in irreversible cryptocurrency theft. Thus, if encountered, this page should be cl
News-gikaji[.]com is a rogue webpage designed to deceive visitors into permitting browser notification delivery. Additionally, this page can produce redirects to different (likely unreliable/malicious) websites. Most users access news-gikaji[.]com and similar webpages via redirects caused by sites
While reviewing suspect websites, our research team happened upon news-gebece[.]com. This rogue page operates by promoting browser notification spam. It can also redirect users to other (likely unreliable/hazardous sites. News-gebece[.]com and similar webpages are most commonly accessed via redire
We have examined this website (chain.link-treasurypools[.]com) and found that it is a fraudulent website offering to claim free tokens. Also, the site mimics the original Chainlink platform (chain.link) to appear legitimate. The purpose of the fake page is to drain victims' wallets. IMPORTAN
Our team discovered CCLand during an analysis of samples uploaded to VirusTotal. Upon inspecting the malware, we concluded that it is ransomware that encrypts files. In addition to encrypting data, CCLand appends the ".ccl" extension to filenames and drops a ransom note, "RECOVER_README.txt". An