restore-metamask.com Used to Steal Entire Crypto Wallets
The malicious domain restore-metamask.com was used to steal the existing crypto wallets of metamask.io users. It also let victims create a new wallet and deposit cryptocurrency into it, but those funds ultimately went to the attackers.

Bad Opsec: xcazanova -> thetoxichydra -> utoxic
Utoxic is very likely xcazanova, or at minimum very close to him, based on the evidence I will show. A leopard doesn't change its spots.

Spoofed 404s
Should you trust the HTTP response code when analyzing access logs for suspicious traffic?

MAGECART GROUP 12: toolser.pw skimmer
This PHP code injection is used to selectively inject the JavaScript skimmer, which is loaded from toolser.pw (the group had recently been using pathc.space).

wss://hotjar[.]info skimmer
A twist on the old ‘analytics code’ camouflage used by some skimmers to evade detection.
Disclaimer: The research posted on this website is for information purposes only. Do not use it for illegal purposes.