kkRAT is a piece of malicious software categorized as a Remote Access Trojan (RAT). This malware establishes remote access and control over compromised machines. It similarities with other RATs – Big Bad Wolf and Ghost. As of the time of writing, kkRAT is used in an ongoing campaign that began in
Our researchers discovered this fake "Popcat" airdrop during a routine investigation. By attempting to participate in this bogus airdrop, users are lured into exposing their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated with the official Popcat
Our researchers discovered the "SYSTEM SECURITY ALERT" scam during a routine investigation of suspicious websites. It claims that users' operating systems have experienced failure, and the antivirus must be updated to restore standard functionality. Typically, scams of this kind aim to deceive vic
After reviewing this "Mailbox Error Detected" email, we determined that it is spam. The message claims that to restore their ability to send and receive emails, the user must eliminate the error in their inbox. This email is not associated with any legitimate entities, and its goal is to trick rec
While browsing untrustworthy sites, we discovered this fake "Matchain ($MAT)" airdrop. This webpage claims to be distributing MAT – the native token of Matchain (matchain.io). The goal is to deceive users into exposing their cryptowallets to a cryptocurrency drainer. It must be stressed that this
While investigating deceptive websites, we discovered the Giant ad blocker. It is promoted as an advertisement-blocking tool that can eliminate intrusive banners, autoplay videos, and pop-ups – according to its promotional material. Upon inspection, we determined that this browser extension operat
Our examination of the "Nedbank - New Debit Order Notification" email revealed that it is fake. This spam message informs the recipient of a new monthly debit order made to the recipient's Nedbank account. It must be emphasized that the information in this email is false, and this mail is not ass
Lamia Loader is a ransomware-type program. This piece of malicious software is designed to encrypt the victim's files and demand payment for their decryption. After we executed a sample of this malware on our test machine, it encrypted files and added a ".enc.LamiaLoader" extension to their names
After examining this "Coinbase Device Registration" email, we determined that it is fake. This spam email is presented as a notification from Coinbase regarding a suspicious account sign-in. The goal of this spam campaign is to trick recipients into calling a fraudulent support line, thereby entan
Our inspection of the "Check Failed Messages" email revealed that it is spam. This is a phishing message that targets email account log-in credentials (passwords) by claiming that the recipient has multiple emails pending in quarantine. The spam email with the subject "[recipient's_email_a