Our inspection of the "Messages Awaiting Your Attention" email revealed that it is spam. It is presented as a notification concerning undelivered messages that are pending verification. The purpose of this spam campaign is to lure recipients into visiting a phishing site targeting email log-in cre
Phenol is a piece of malicious software categorized as ransomware. Malware within this category operates by encrypting data and demanding a ransom for the decryption. On our test machine, this ransomware encrypted files and added the attackers' email address and the ".phenol" extension to their f
MacSync is a piece of malicious software that is a rebranded and upgraded version of the mac.c stealer. mac.c was developed in the spring of 2025, and a month later, the rebrand occurred. MacSync retains the data-stealer functionalities but also has backdoor capabilities. While the stealer was w
BaoLoader is a program designed to introduce additional harmful content into compromised devices. This malware has primarily infiltrated malicious Google Chrome browser extensions. It is also capable of executing malicious JavaScript. BaoLoader is installed onto systems with seemingly legitimate
Our analysis shows that grattederia[.]com is an unreliable website that attempts to obtain permission to deliver push notifications using deceptive instructions. If accepted, these notifications may lure users into visiting additional unsafe or malicious sites. For this reason, grattederia[.]com s
Gentlemen is ransomware that encrypts files and appends a random extension to them. For example, during encryption a file named "1.jpg" is changed to "1.jpg.7mtzhh", "2.png" to "2.png.7mtzhh", and so fort. Also, provides a ransom note ("README-GENTLEMEN.txt"). Its purpose is to extract money from
Osprey is information-stealing malware designed to harvest sensitive data from infected systems. It targets cryptocurrency wallets, various game data, system information, and other details. Cybercriminals can use it to hijack accounts, steal money and identities, and for other malicious purposes.
Maranhão is an information-stealing malware written in Node.js and delivered through Inno Setup installers. It targets various sensitive information, including cryptocurrency wallet data. Its infiltration can lead to privacy issues, monetary loss, and other problems. If detected on a system, Maran
Our analysis of the site (app.hyperswapx[.]exchange) has uncovered that it is a fraudulent copy of the official HyperSwap platform (app.hyperswap.exchange). The site is intended to deceive users into connecting their wallets, allowing scammers to steal their cryptocurrency. This deceptive site sho
HybridPetya is ransomware that shares similarities with Petya and NotPetya. One of the main differences is that HybridPetya can bypass UEFI Secure Boot defenses on vulnerable systems - it starts its malicious activities before the operating system even loads. Like most ransomware variants, HybridP