Step-by-Step Malware Removal Instructions

Fake Rabby Wallet Website Scam
Phishing/Scam

Fake Rabby Wallet Website Scam

Our analysis indicates that this is a fraudulent website (rabbywallet[.]io) mimicking the official Rabby Wallet site. Its purpose is to deceive users into disclosing personal information, enabling scammers to steal their digital assets. To prevent financial loss, users should immediately close suc

We Have Your Search Requests And Webcam Footage Email Scam
Phishing/Scam

We Have Your Search Requests And Webcam Footage Email Scam

After reading this "We Have Your Search Requests And Webcam Footage" email, we determined that it is a sextortion scam. This spam message claims that Russian hacker affiliates have obtained the recipient's information and recorded a sexually explicit video of them. If the recipient does not meet

Fake Xverse Website Scam
Phishing/Scam

Fake Xverse Website Scam

Our researchers found this imitator "Xverse" webpage (xversewallets[.]com; potentially other domains) during a routine investigative session. This is a phishing page that impersonates the official website of the Xverse wallet (xverse.app). The scam targets cryptowallet log-in credentials. IM

AMLBot Crypto Checking Scam
Phishing/Scam

AMLBot Crypto Checking Scam

While investigating suspicious sites, our researchers discovered this fake "AMLBot Crypto Checking" webpage. It is disguised as the official website of the AMLBot platform (amlbot.com). The purpose of this scam is to trick users into exposing their digital wallets to a cryptocurrency drainer.

Tracktransit.co.in Ads
Notification Spam

Tracktransit.co.in Ads

Our research team found the tracktransit.co[.]in rogue page while investigating suspect websites. After inspecting this webpage, we found that it promotes browser notification spam and redirects users to other (likely unreliable/hazardous) sites. Most visitors to tracktransit.co[.]in and pages ak

Tisfas.co.in Ads
Notification Spam

Tisfas.co.in Ads

Tisfas.co[.]in is a rogue webpage discovered by our researchers during a routine inspection of untrustworthy sites. It is designed to promote browser notification spam and redirect users to different (likely dubious/harmful) websites. The majority of visitors to tisfas.co[.]in and similar pages a

Waliekhal.com Ads
Notification Spam

Waliekhal.com Ads

Our analysis of waliekhal[.]com reveals that it can deliver intrusive and deceptive notifications. However, it can only do this if users grant permission. Waliekhal[.]com uses a misleading technique to achieve this. Thus, it is advisable to avoid visiting waliekhal[.]com and never allow similar si

Surilour.co.in Ads
Notification Spam

Surilour.co.in Ads

While browsing suspicious sites, our researchers discovered surilour.co[.]in. Upon examination, we learned that it is yet another rogue page that uses a fake CAPTCHA test to trick visitors into permitting its browser notifications. This webpage can also redirect users to different (likely untrustw

Subingracel.co.in Ads
Notification Spam

Subingracel.co.in Ads

Our review of subingracel.co[.]in has shown that it can display annoying and misleading notifications. However, it cannot do so without permission, which it attempts to obtain through clickbait. Users should avoid visiting subingracel.co[.]in and never allow web pages of this kind to show notifica

THRSX Ransomware
Ransomware

THRSX Ransomware

Our analysis shows that THRSX is ransomware designed to encrypt files and change their filenames by appending its extension (".THRSX"). For instance, it renames "1.jpg" to "1.jpg.THRSX" and "2.png" to "2.png.THRSX". Also, this ransomware creates a ransom note ("RECOVER_INSTRUCTIONS.html"). Our dis