Propionanilide is a Discord-based remote access Trojan (RAT) that belongs to a family of RATs. It shares core functionality with other family members (UwUdisRAT, STD, and Minecraft RATs). Early versions of Propionanilide contained all functionality in a single executable, while later versions spli
We have found that thorhortizinity[.]com is a fraudulent website designed to trick visitors into agreeing to receive its notifications. If permitted, it can send misleading messages meant to lure users into clicking links. Those notifications can direct users to other untrustworthy pages. Thus, th
Hallacklear.co[.]in has been identified as a fraudulent website designed to trick users into consenting to get its notifications. We found that if permission is granted, the site can send misleading messages meant to lure users into clicking links/buttons. Enabling notifications from hallacklear.c
Dante is a sophisticated spyware used for targeted espionage. The attacks involve a persistent loader and a backdoor called LeetAgent for post-exploitation access. Dante is deployed via phishing emails that exploit a vulnerability in a Chrome browser. Its primary purpose is to collect data from or
Atroposia is a remote access Trojan (RAT) promoted on underground forums. Its capabilities include hidden remote desktop control, credential and cryptocurrency wallet theft, DNS hijacking, and vulnerability scanning, among others. If detected on the system, Atroposia should be eliminated immediate
GhostGrab is a dual-purpose Android malware that steals financial data while secretly using infected devices to mine cryptocurrency. It collects banking logins, card data, and one-time codes (via intercepted SMS), fingerprints devices, and runs a hidden miner. If detected on a device, GhostGrab sh
We have inspected the site (movequestboosts[.]com) and found that it mimics the original MoveQuest website (movequest.com) to trick visitors into taking actions that allow scammers to steal cryptocurrency. The fraudulent page offers rewards to lure unsuspecting individuals. It should be avoided to
Our analysis shows that aster-shares[.]com is a deceptive page imitating the original Aster website (asterdex.com). The scammers behind the fraudulent page seek to steal cryptocurrency from victims. Their goal is to trick visitors into unknowingly activating a malicious tool. IMPORTANT NOTE:
Our team has inspected the website (cryptocurrencyairdrop-ama9.vercel[.]app) and found that it uses deception to extract personal information from unsuspecting visitors. The ultimate goal is to steal cryptocurrency. Therefore, this scam website should not be trusted and should be closed if ever op
We have determined that usdwin[.]la is a scam website posing as a "reward portal". Its goal is to trick visitors into believing that they can collect rewards in cryptocurrency by connecting their wallet. Falling for this scam can result in huge financial losses. Thus, it should be avoided and clos