After reading this "Alert Regarding Your System Credentials" email, we determined that it is spam. This message claims that the recipient's password will expire within 24 hours. The recipient is urged to maintain uninterrupted service – thus, they are lured into revealing their email account log-i
After inspecting this "EFT Debit Release" email, we determined that it is spam. This message concerns an EFT (Electronic Funds Transfer) debit payment that will be released today. The goal of this campaign is to trick recipients into entering their account log-in credentials to a phishing file.
Shamos is a variant of the AMOS (Atomic) stealer. This malicious program targets macOS devices and seeks to steal sensitive data. Shamos has been around since at least the summer of 2025. It was developed and is offered as MaaS (Malware-as-a-Service) by a threat actor group dubbed "COOKIE SPIDER
Our investigation revealed that this is a phishing email disguised as a security alert from an online service provider. It includes a link to a fraudulent website aimed at stealing personal information from recipients. Whoever receives this email should disregard the message to prevent account com
Our analysis has shown that it is a phishing email posing as a security notification from an email service provider. The scam email contains a link to a fake site designed to extract personal information from unsuspecting recipients. It should be ignored to avoid account hijacking and other potent
Antivirus by FSB is an advanced backdoor that compromises Android devices. Threat actors have deployed it in campaigns targeting Russian business representatives. Its functionality includes the execution of various malicious commands. If detected on a device, the malware should be removed immediat
Kelpmetoreali[.]com is a rogue webpage discovered by our research team during a routine investigation of suspicious sites. After examining this page, we determined that it promotes dubious content and browser notification spam. It can also redirect users to other (likely unreliable/malicious) webs
While investigating untrustworthy sites, our researchers discovered the jpadsnow[.]com rogue webpage. It operates by endorsing browser notification spam and generates redirects to different (likely unreliable/hazardous) websites. Jpadsnow[.]com and similar pages are primarily accessed through redi
We have examined knobd[.]com and concluded that its purpose is to deceive visitors into taking actions allowing the site to show notifications. Once permitted, knobd[.]com can display annoying and often misleading notifications. Clicking the links in such notifications can expose users to privacy
KillBack is ransomware that our team discovered while examining samples submitted to VirusTotal. Upon execution, KillBack encrypts data, appends the victim's ID and ".killback" extension to files, and creates a ransom note ("README.TXT"). An example of how the malware modifies filenames: It chang