Raven is an information-stealing malware created with Delphi and C++. It focuses on stealing personal and sensitive information from infected devices. The malware operates quietly to avoid detection and can perform its activities with minimal operator involvement. If detected on a device, Raven sh
Our research team found medicmediai[.]com during a routine inspection of suspect websites. Upon examination, we learned that this rogue page endorses spam browser notifications and produces redirects to different (likely dubious/harmful) sites. The majority of visitors to medicmediai[.]com and we
Our inspection of the "Annual Financial Review Status" email revealed that it is spam. This message instructs the recipient to review the annual financial document to proceed with its finalization. The goal of this spam campaign is to deceive recipients into installing the ConnectWise ScreenConnec
Madstudiyo[.]com is a rogue webpage designed to promote browser notification spam and redirect users to different (likely unreliable/hazardous sites. Most visitors to such pages access them via redirects produced by websites employing rogue advertising networks. Our researchers discovered madstudi
Our research team found the loboodae[.]com rogue page while inspecting dubious websites. It is designed to promote browser notification spam and generate redirects to different (likely unreliable/harmful) sites. Loboodae[.]com and similar webpages are primarily accessed via redirects caused by web
We have inspected lookinews[.]com and concluded that it is designed to trick visitors into granting it permission to show notifications. The site uses clickbait to achieve this. If allowed, lookinews[.]com can display annoying and often deceptive notifications to promote other shady websites.
After reviewing leoligallize[.]com, we found that the site is designed to deceive visitors into enabling browser notifications. If accepted, notifications from leoligallize[.]com can be used to trick users into opening other shady sites via misleading alerts, offers, or similar content. Thus, leol
Efimer is malware used to steal cryptocurrency. It spreads through infected WordPress sites, malicious torrent files, and deceptive emails. The malware communicates with its operators over the Tor network and uses specific scripts to compromise vulnerable WordPress pages and gather email addresses
SoupDealer is a Java-based three-stage malware loader capable of bypassing traditional antivirus and sandbox solutions. Cybercriminals were observed targeting computers running Windows operating systems located in Turkey. The malware is used to obtain remote access to infected systems. The
DarkCloud is a malicious program classed as a stealer. Malware within this classification is designed to steal sensitive information from infected systems. DarkCloud stealer has been observed using sophisticated infiltration and anti-analysis/anti-detection techniques. DarkCloud has infilt