Neptune is a Remote Access Trojan (RAT) written in the Visual Basic (.NET) programming language. Trojans of this kind enable remote access and control over compromised machines. Neptune is a highly multi-functional piece of malicious software. There have been several variants of this RAT. At the
TROX is a stealer-type malware written in several programming languages. This malicious program has been around since at least 2024. It seeks to extract sensitive information from infected systems, including credit card details and cryptowallets. It is offered as MaaS (Malware-as-a-Service) with
While browsing suspicious websites, our researchers discovered the apphonest[.]monster rogue page. It is designed to promote deceptive content and browser notification spam. This webpage can also redirect users elsewhere (likely dubious/hazardous sites). Most visitors access apphonest[.]monster an
After inspecting this "Direction Générale Des Finances Publiques" email, we determined that it is fake. This message is presented as a notification regarding the recipient's documents on the General Directorate of Public Finances, a branch of the Ministry of Economics and Finance. Typically, ema
This malware is a ransomware-type program designed to encrypt files and demand payment for the decryption. Its developers have utilized the name and graphics of Combo Cleaner and PCrisk.com in an attempt to damage our reputation and create a misleading association in users' minds between the malwa
PipeMagic is a piece of malicious software classed as a backdoor. Programs of this kind seek to open a "backdoor" into systems for further infections, and some can even carry them out (i.e., download/install additional malicious content). PipeMagic has been around since at least 2022. Originally
After inspecting this "Standard Bank - VAT Increase" email, we determined that it is fake. This phishing message alerts the recipients of changes to the VAT rates in the Republic of South Africa. The purpose of this email is to deceive recipients into disclosing their online bank account log-in cr
Steadychainconnection.co[.]in is a rogue page discovered by our research team during a routine investigation of dubious websites. This webpage promotes spam browser notifications and redirects users to other (likely unreliable/hazardous) sites. The majority of visitors to steadychainconnection.co
During a routine investigative session of dubious websites, our researchers discovered the coperdayed[.]com rogue page. It operates by promoting browser notification spam and redirecting users to different (likely unreliable/malicious) sites. Most visitors to coperdayed[.]com and similar webpages
XIAOBA 2.0 is a ransomware-type program. It is designed to encrypt victims' files in order to demand ransoms for the decryption. XIAOBA 2.0 renames the affected files according to this pattern – "[xiaoba_666@163.com]Encrypted_[random_string].XIAOBA". On our test machine, this ransomware encrypted