# wlfidesktop.app — MALICIOUS

> wlfidesktop.app is a high-risk phishing site pretending to be World Liberty Financial. Avoid downloading or entering info and stay safe online.

## Summary
PhishDestroy identifies wlfidesktop.app as a dangerous phishing domain impersonating the World Liberty Financial desktop application. Although the site is currently offline, it was flagged for social engineering and appeared on multiple security blocklists. Users should be aware that this domain was created recently and attempted to deceive users by mimicking a legitimate financial service.

This phishing scheme worked by offering a download for a fake "WLFI Desktop App" to trick users into installing malware or submitting sensitive financial and personal information. The site was registered through NiceNIC International Group and was detected by several security vendors as suspicious or malicious. Its presence on Google Safe Browsing's social engineering list indicates it aimed to manipulate users into unsafe actions.

If you visited wlfidesktop.app or downloaded anything from it, immediately cease use of the app and run a full antivirus and anti-malware scan on your device. Change any passwords you may have entered and monitor your financial accounts for unauthorized activity. Report any suspicious transactions to your bank and consider enabling multi-factor authentication to protect your accounts. Staying vigilant and avoiding downloads from untrusted sources helps prevent falling victim to such phishing attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 451)
- Page title: WLFI Desktop App — Download | World Liberty Financial

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- Nameservers: ["lady.ns.cloudflare.com", "salvador.ns.cloudflare.com"]
- SSL Issuer: R13

## Detection Status
- VirusTotal: 12 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "CyRadar", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "Sophos", "Webroot"]
- Google Safe Browsing: FLAGGED
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01992f4e-79f4-7078-942a-a71279958e91.png
- PhishDestroy: https://phishdestroy.io/domain/wlfidesktop.app/
- LLM endpoint: https://phishdestroy.io/domain/wlfidesktop.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/wlfidesktop.app/
Last updated: 2026-03-19