PupkinStealer is an information stealer developed using the .NET. This malware steals sensitive information from infected systems and transmits it to attackers through Telegram, a common exfiltration channel used by cybercriminals. Victims should remove PupkinStealer from infected computers immedi
PureHVNC is a Remote Access Trojan (RAT). This type of malware enables remote access/control over infected devices. PureHVNC has extensive data-stealing abilities. This trojan has been proliferated via fake generative AI websites promoted through Facebook. There is strong evidence suggesting that
We have inspected the website (convergeclaim[.]xyz) and concluded that it is a copy of the Converge page (convergeonchain.xyz). It offers users to participate in a giveaway to trick them into taking actions that can lead to significant monetary losses. This page should be avoided and closed if eve
Our analysis of Datarip has uncovered that it is ransomware from the MedusaLocker family. Once executed on a device, it encrypts files and appends the ".datarip" extension to them. For example, it renames "1.jpg" to "1.jpg.datarip", "2.png" to "2.png.datarip", and so forth. Additionally, Datarip
Our examination of the website (arbus[.]claims) has revealed that it is a fraudulent site crafted to steal cryptocurrency from unsuspecting individuals. The scammers copied the look of the legitimate Arbus site (arbus.ai) to deceive users. Users should be careful when landing on such pages to avoi
NETXLOADER is a .NET-based malware loader. Cybercriminals use it to deploy other malware in their attacks (e.g., other loaders or ransomware). Once on the infected device, NETXLOADER typically loads another malware first to disable defenses and establish persistence. These attacks can result in da
Our researchers discovered the flowworksfivesphere[.]com rogue page while inspecting suspect websites. This webpage endorses spam browser notifications and generates redirects to other (likely dubious/dangerous) sites. Flowworksfivesphere[.]com and similar pages are mainly accessed via redirects c
Our researchers discovered a fake "Hinkal" website during a routine investigative session. The imitator page functions as a cryptocurrency drainer – by siphoning digital assets from victims' cryptowallets. It must be emphasized that this scam site is not associated with the real Hinkal website (hi
While investigating questionable sites, our researchers discovered an application called Pdflash. This app is endorsed as a free tool that allows users to convert, merge, and compress PDF format documents. Upon examination, we determined that Pdflash is a PUA (Potentially Unwanted Application). So
We have analysed the website (flare-networkxrp[.]com) and discovered that it mimics the original/official Flare website (flare.network). The purpose of this site is to steal cryptocurrency from unsuspecting users. Thus, it is highly advisable to avoid visiting this fraudulent site and always verif