While browsing untrustworthy sites, we discovered this fake "Matchain ($MAT)" airdrop. This webpage claims to be distributing MAT – the native token of Matchain (matchain.io). The goal is to deceive users into exposing their cryptowallets to a cryptocurrency drainer. It must be stressed that this
While investigating deceptive websites, we discovered the Giant ad blocker. It is promoted as an advertisement-blocking tool that can eliminate intrusive banners, autoplay videos, and pop-ups – according to its promotional material. Upon inspection, we determined that this browser extension operat
Our examination of the "Nedbank - New Debit Order Notification" email revealed that it is fake. This spam message informs the recipient of a new monthly debit order made to the recipient's Nedbank account. It must be emphasized that the information in this email is false, and this mail is not ass
Lamia Loader is a ransomware-type program. This piece of malicious software is designed to encrypt the victim's files and demand payment for their decryption. After we executed a sample of this malware on our test machine, it encrypted files and added a ".enc.LamiaLoader" extension to their names
After examining this "Coinbase Device Registration" email, we determined that it is fake. This spam email is presented as a notification from Coinbase regarding a suspicious account sign-in. The goal of this spam campaign is to trick recipients into calling a fraudulent support line, thereby entan
Our inspection of the "Check Failed Messages" email revealed that it is spam. This is a phishing message that targets email account log-in credentials (passwords) by claiming that the recipient has multiple emails pending in quarantine. The spam email with the subject "[recipient's_email_a
RatOn is a piece of malicious software that targets Android devices. It is classified as a Remote Access Trojan (RAT). RatOn has been around since at least the summer of 2025. This trojan is capable of controlling devices remotely, performing automated money transfers and NFC relay attacks, steal
ACR is a stealer-type malware with multiple versions, including a rebrand variant known as Amatera. ACR targets a variety of sensitive data, such as passwords and cryptocurrency wallets. This stealer is offered as MaaS (Malware-as-a-Service) and has been used in multiple large-scale campaigns.
Imagesearcherpro.com is a fake search engine that our research team discovered while analyzing the Image Search Pro browser hijacker. This website type cannot provide search results and redirects to legitimate search engines. They are usually promoted (via redirects) by browser hijackers. It is no
While investigating suspicious sites, our researchers found this fake "Uniswap" webpage (nextlevel[.]limited; potentially other domains). This page impersonates Uniswap, yet is in no way associated with this decentralized exchange. The scam aims to deceive users into exposing their cryptowallets t