MacSync is a piece of malicious software that is a rebranded and upgraded version of the mac.c stealer. mac.c was developed in the spring of 2025, and a month later, the rebrand occurred. MacSync retains the data-stealer functionalities but also has backdoor capabilities. While the stealer was w
BaoLoader is a program designed to introduce additional harmful content into compromised devices. This malware has primarily infiltrated malicious Google Chrome browser extensions. It is also capable of executing malicious JavaScript. BaoLoader is installed onto systems with seemingly legitimate
Our analysis shows that grattederia[.]com is an unreliable website that attempts to obtain permission to deliver push notifications using deceptive instructions. If accepted, these notifications may lure users into visiting additional unsafe or malicious sites. For this reason, grattederia[.]com s
Gentlemen is ransomware that encrypts files and appends a random extension to them. For example, during encryption a file named "1.jpg" is changed to "1.jpg.7mtzhh", "2.png" to "2.png.7mtzhh", and so fort. Also, provides a ransom note ("README-GENTLEMEN.txt"). Its purpose is to extract money from
Osprey is information-stealing malware designed to harvest sensitive data from infected systems. It targets cryptocurrency wallets, various game data, system information, and other details. Cybercriminals can use it to hijack accounts, steal money and identities, and for other malicious purposes.
Maranhão is an information-stealing malware written in Node.js and delivered through Inno Setup installers. It targets various sensitive information, including cryptocurrency wallet data. Its infiltration can lead to privacy issues, monetary loss, and other problems. If detected on a system, Maran
Our analysis of the site (app.hyperswapx[.]exchange) has uncovered that it is a fraudulent copy of the official HyperSwap platform (app.hyperswap.exchange). The site is intended to deceive users into connecting their wallets, allowing scammers to steal their cryptocurrency. This deceptive site sho
HybridPetya is ransomware that shares similarities with Petya and NotPetya. One of the main differences is that HybridPetya can bypass UEFI Secure Boot defenses on vulnerable systems - it starts its malicious activities before the operating system even loads. Like most ransomware variants, HybridP
After reading this "Rainbow Lottery" email, we determined that it is spam. It claims that the recipient's email address has been randomly selected as a winner of one million GBP (pound sterling). The purpose of this spam campaign is to trick victims into disclosing sensitive data and potentially
Our researchers found istomegiessts.co[.]in while browsing untrustworthy sites. We determined that this rogue webpage promotes spam browser notifications and causes redirects to other (likely dubious/malicious) websites. Istomegiessts.co[.]in and similar pages are most commonly accessed via redire