We have inspected the Heizer Kroop Sortic application and found that it contains malicious components, such as Legion Loader. The app itself has no clear purpose and is distributed using shady methods. For these reasons, users should avoid installing Heizer Kroop Sortic and uninstall it from compu
While investigating suspicious sites, our researchers discovered fripolonishnity.co[.]in – it is a rogue page that promotes browser notification spam and redirects users to other (likely untrustworthy/hazardous) websites. Most visitors to fripolonishnity.co[.]in and similar webpages access them th
We have inspected the website (claim.dexenetwork[.]click) and discovered that it mimics the original DeXe Protocol site (dexe.network). The fake web page is designed to trick individuals into taking steps that could lead to cryptocurrency theft. It should not be trusted and should be closed if eve
After examining this "TD Bank" email, we determined that it is fake. This spam letter urges the recipient to update their TD Bank account details. The purpose of this scam mail is to deceive users into disclosing their log-in credentials to a phishing website. It must be emphasized that this email
GIFTEDCROOK is an information stealer written in C/C++ programming language. Cybercriminals spread it through deceptive emails that include a macro-enabled Microsoft Excel spreadsheet (XLSM). GIFTEDCROOK is used to pilfer information from web browsers. Victims should remove the malware as soon as
While browsing suspicious sites, our researchers discovered a fake SwapBased webpage. The scam website's appearance and domain is incredibly close to that of the official site. This fraudulent page promotes a crypto drainer – thus victims of this scam have the cryptocurrency drained from their dig
Our analysis of the website has shown that this is a scam posing as a giveaway held by the Tesla Foundation. Scammers promote it using fake X (formerly Twitter) accounts. Their goal is to trick unsuspecting individuals into taking actions that would lead to the theft of their cryptocurrency.
We have inspected the email and concluded that it is a fake from "IT Software Operator" regarding the activation of upgraded mailbox storage. The scammers behind this fraudulent email aim to extract personal information from recipients through a deceptive page. Such emails are classified as phishi
VShell is a piece of malicious software with backdoor, RAT (Remote Access Trojan), and injector abilities. This program can cause chain infections and execute commands on infected machines. VShell is highly compatible, as it can infiltrate payloads for Mac (macOS), Windows, and Linux operating s
SNOWLIGHT is a malware that targets Mac operating systems (macOS). It acts as a dropper (i.e., can cause chain infections) and has been observed being used to infiltrate the VShell malware into compromised devices. The SNOWLIGHT dropper has been used by a threat actor tracked as "UNC5174". It is