KimJongRAT is malicious software designed to secretly infiltrate computers, steal sensitive data, and allow attackers to control them remotely. It has at least two variants: one built and executed using PowerShell and the other using a Portable Executable (PE) file. The malware collects browser da
Basta is ransomware that our team has discovered during analysis of malware samples uploaded to VirusTotal. Basta encrypts files and appends the victim's ID, an email address, and the ".basta" extension to files. For example, it renames "1.jpg" to "1.jpg.[2AF20FA3].[basta2025@onionmail.com].basta"
GolangGhost is a RAT (Remote Access Trojan) targeting Mac operating systems. It is written in the Go programming language (Golang). This malware enables remote access/control over infected machines. It has backdoor and stealer-type functionalities. GolangGhost has been spread through job offer/
We have inspected the email and discovered that it is a message posing as a notice from Spotify regarding a recent payment. The scammers behind this fraudulent email attempt to steal personal information from recipients. Whoever receives this email should ignore it. This scam email claims
Our analysis of streamadsfeed[.]top shows that it is designed to deliver deceptive notifications. Since it requires user permission to do so, the site uses a clickbait tactic to trick visitors into allowing them. Pages like streamadsfeed[.]top are untrustworthy and should be closed immediately if
We discovered this scam upon receiving a fraudulent email. This scheme is designed to steal unsuspecting individuals' money (and some information). The scam website is disguised as a legitimate Blockchain (blockchain.com) platform to appear legitimate. Users should not trust the page (and the asso
Our analysis has shown that it is a pop-up scam involving a fraudulent message designed to trick users into interacting with it. Additionally, the site uses other methods to lure users. It is important to recognize fake warnings and similar content to avoid scams like this one. In the firs
GHOSTPULSE (also known as IDATLOADER, HIJACKLOADER) is a piece of malicious software classed as a loader. Programs of this kind are designed to load additional malware onto compromised systems (i.e., cause chain infections). GHOSTPULSE has been spread through ClickFix scam campaigns. GHOST
We have examined this website and concluded that it is a scam site that uses scare tactics to trick users into interacting with it (clicking the provided links). Usually, websites of this type lead users to other unreliable sites, including pages hosting malware. Sometimes, they can promote legiti
Amatera is an information stealer written in C++ programming language and based on another stealer known as ACR. Cybercriminals sell it as a malware-as-a-service (MaaS). It is priced at $199 for 1 month, $499 for 3 months, $899 for 6 months, and $1499 for 1 year. If Amatera is detected on the syst