During our investigation of suspicious websites, we discovered market.polydistrib[.]com, a fraudulent page designed to impersonate the Polymarket platform. It promotes a fake POLY token community rewards program and claims to distribute 250,000,000 POLY tokens to eligible users. This site is a cry
After inspecting this email, we determined that it is a phishing scam. The message is disguised as an automated security notification from cPanel, falsely claiming the recipient's account requires an urgent upgrade. The scammers behind it aim to steal login credentials through a fraudulent website
We have inspected this email and determined it is a phishing scam. The message is disguised as an automated notification from an email hosting service, claiming that incoming messages were blocked due to a validation error. It is designed to steal email account credentials and should be ignored.
We have examined this email and determined that it is a phishing scam. The message is crafted to resemble a legitimate business inquiry from a company named Bayerische Industrie GmbH, requesting product quotations and technical documentation. It aims to trick recipients into visiting a fraudulent
We have reviewed this email and determined that it is malspam. It impersonates the Social Security Administration and falsely claims the recipient's annual statement is ready for download. Clicking the link inside leads to a fake verification site that delivers a trojanized ScreenConnect installer
MORTAR is ransomware we discovered during a routine inspection of new submissions to the VirusTotal website. It targets corporate networks, encrypts files, and drops a ransom note named README-[victim's ID].txt. On our test machine, MORTAR appended a unique victim ID as the extension to each encr
Our research team found the lerantixflowcore[.]co.in rogue page while investigating suspicious websites. After inspecting this webpage, we determined that it promotes browser notification spam and redirects visitors to other (likely unreliable/harmful) sites. Lerantixflowcore[.]co.in displ
Our researchers discovered vitisubiferive[.]com while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Vitisubiferive[.]com uses a fake "confirm yo
Our research team discovered lantixprostream[.]co.in while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Lantixprostream[.]co.in presents visito
EKZ Stealer is an information stealer designed to silently extract saved passwords, cookies, autofill data, and payment card details from web browsers on infected Windows computers. According to research by Arctic Wolf, it was first observed in May 2026 as part of a campaign targeting organization