JSCEAL is an information stealer targeting mainly cryptocurrency applications. Cybercriminals use malicious ads to trick victims into downloading fake apps that mimic nearly 50 popular cryptocurrency trading platforms. If JSCEAL is detected on the system, it should be eliminated as soon as possibl
Our researchers discovered this fake "$PUMP" airdrop during a routine investigative session. The page states that users can claim PUMP tokens, and with this lure – the scam aims to trick victims into exposing their digital wallets to a cryptocurrency drainer. IMPORTANT NOTE: We do not review
We have inspected respraccipsaurs[.]com and concluded that its goal is to trick visitors into accepting its notifications. If allowed, respraccipsaurs[.]com can show misleading alerts and similar messages. These notifications contain links to potentially malicious sites. Thus, respraccipsaurs[.]co
During our inspection of malware samples uploaded to VirusTotal, we discovered BOBER, a variant of the CONTI ransomware. Once executed on the device, BOBER encrypts files and appends its extension to them. It also provides a ransom note ("R3ADM3.txt"). BOBER appends a string of random characters t
Our research team discovered the brobitte.co[.]in rogue page while investigating suspicious websites. Upon inspection, we learned that this webpage promotes browser notification spam and redirects visitors to other (likely dubious/dangerous) sites. The majority of visitors to brobitte.co[.]in and
Our researchers discovered this "Solana (SOL) Rewards" webpage during a routine investigation. This deceptive page promises "special rewards". It must be emphasized that this bogus rewards program is not associated with the real Solana platform. The purpose of this site is to trick users into expo
Our analysis shows that gojogo-messaging[.]com is used to deceive visitors into allowing notifications. Once granted permission, it can send misleading alerts and similar messages that may lead to unreliable or harmful websites. For this reason, users should avoid visiting gojogo-messaging[.]com a
Our researchers discovered the Tiger ransomware during a routine inspection of new submissions to the VirusTotal website. This malicious program is part of the GlobeImposter ransomware family. On our test machine, Tiger encrypted files and appended their filenames with a ".Tiger4444" extension. T
Our researchers found this ransomware – Cybertron – while inspecting new submissions to the VirusTotal platform. This program belongs to the MedusaLocker ransomware family. Cybertron is designed to encrypt files and demand ransoms for the decryption. After we executed a sample of this ransomware
While investigating suspicious websites, our researchers found the glspromo[.]com rogue webpage. It operates by promoting spam browser notifications and redirecting visitors to other (likely dubious/dangerous) pages. Glspromo[.]com and analogous webpages are primarily accessed through redirects ge