While investigating dubious sites, our researchers discovered the lowpedriliks[.]com rogue page. It is designed to promote browser notification spam and generate redirects to other (likely unreliable/hazardous) websites. Most visitors to lowpedriliks[.]com and similar webpages enter them through
"Orderly ($ORDER) Vote Rewards" is a scam discovered by our researchers while browsing suspicious websites. The goal of this fraudulent page is to trick users into exposing their cryptowallets to a cryptocurrency drainer – a mechanism that steals digital assets. It must be emphasized that this sca
Our research team discovered this fake "Giggle Fund ($GIGGLE) Vote Rewards" while investigating suspicious websites. This fraudulent page imitates the official site of the GIGGLE token (giggletoken.com) and promises rewards to early voters who hold the namesake token. The purpose of this scam is t
Our researchers discovered BeFirst ransomware during a routine inspection of new file submissions to the VirusTotal site. This malicious program is part of the MedusaLocker ransomware family. BeFirst operates by encrypting data in order to demand a ransom for the decryption. After we executed a s
While investigating suspect sites, our researchers discovered the "Hyperliquid ($HYPE) Vote Rewards" scam. This page impersonates the official Hyper Foundation website (hyperfoundation.org) and promises rewards to early voters. The goal is to deceive users into exposing their digital wallets to a
This "ChainOpera AI ($COAI)" airdrop is fake. Our researchers discovered this scam during a routine inspection of suspicious websites. It is presented as the official website of ChainOpera AI (chainopera.ai) and lures users into exposing their cryptowallets to a cryptocurrency drainer. It must be
Our examination of the page (event-onyxs[.]org) has revealed that it is a fake site posing as the original Onyx website (onyx.org). The scammers behind the fraudulent page aim to trick visitors into believing that they can claim rewards, and their intention is to steal cryptocurrency. IMPORT
We have inspected the website (jayacitakreasindo[.]com) and concluded that it is a scam. It mimics the original DappRadar page (dappradar.com) to appear trustworthy. The purpose of this site is to trick visitors into connecting their wallets, which allows scammers to steal cryptocurrency. IM
Our analysis shows that FIND is ransomware from the Dharma family. We discovered it while inspecting samples submitted to VirusTotal. Once executed, FIND encrypts files and provides two ransom notes (it displays a pop-up window and creates a file named "info.txt"). Also, the ransomware renames fil
We have inspected the site (app-rocksolid[.]live) and concluded that it is a scam. It mimics the original RockSolid site (app.rocksolid.network) to lure visitors into using it and taking a specific step. The goal of this fake website is to drain cryptocurrency wallets. It should be avoided and exi