Shamos is a variant of the AMOS (Atomic) stealer. This malicious program targets macOS devices and seeks to steal sensitive data. Shamos has been around since at least the summer of 2025. It was developed and is offered as MaaS (Malware-as-a-Service) by a threat actor group dubbed "COOKIE SPIDER
Our investigation revealed that this is a phishing email disguised as a security alert from an online service provider. It includes a link to a fraudulent website aimed at stealing personal information from recipients. Whoever receives this email should disregard the message to prevent account com
Our analysis has shown that it is a phishing email posing as a security notification from an email service provider. The scam email contains a link to a fake site designed to extract personal information from unsuspecting recipients. It should be ignored to avoid account hijacking and other potent
Antivirus by FSB is an advanced backdoor that compromises Android devices. Threat actors have deployed it in campaigns targeting Russian business representatives. Its functionality includes the execution of various malicious commands. If detected on a device, the malware should be removed immediat
Kelpmetoreali[.]com is a rogue webpage discovered by our research team during a routine investigation of suspicious sites. After examining this page, we determined that it promotes dubious content and browser notification spam. It can also redirect users to other (likely unreliable/malicious) webs
While investigating untrustworthy sites, our researchers discovered the jpadsnow[.]com rogue webpage. It operates by endorsing browser notification spam and generates redirects to different (likely unreliable/hazardous) websites. Jpadsnow[.]com and similar pages are primarily accessed through redi
We have examined knobd[.]com and concluded that its purpose is to deceive visitors into taking actions allowing the site to show notifications. Once permitted, knobd[.]com can display annoying and often misleading notifications. Clicking the links in such notifications can expose users to privacy
KillBack is ransomware that our team discovered while examining samples submitted to VirusTotal. Upon execution, KillBack encrypts data, appends the victim's ID and ".killback" extension to files, and creates a ransom note ("README.TXT"). An example of how the malware modifies filenames: It chang
Our research team found this fake "Brian" airdrop while browsing suspicious sites. Upon examination, we learned that this scam operates as a cryptocurrency drainer. Essentially, it aims to steal digital assets from exposed cryptocurrency wallets. It must be stressed that this bogus airdrop is not
Our team has examined the email and concluded that it is a scam. The message is disguised as a notification from UPS (a legitimate global shipping and logistics company). It is crafted to deceive recipients into sending money and (or) information to scammers. Recipients of this email should ignore