We have inspected the message and concluded that it is a scam email disguised as a notification from the cloud service provider. It urges recipients to take immediate action to "save" their files. The scammers behind this message seek to trick recipients into opening fake websites and following th
NodeCordRAT is a type of malware (a Remote Access Trojan, or RAT) that is distributed by hiding it inside fake npm packages. The RAT uses Discord as a communication channel and enables cybercriminals to control infected devices remotely. It is used mainly to steal information from web browsers and
While examining suspicious websites, our researchers came across claiming-campaign[.]com, a fraudulent page posing as the official Aave platform. The site falsely claims that users affected by a recent Aave attack can now recover their lost assets by connecting their wallet. In reality, it is a cr
CloudZ is a remote access Trojan (RAT). It uses a custom plugin to steal credentials and potentially capture one-time passwords (OTPs). CloudZ also avoids detection by running malicious functions in system memory and checking for debuggers and sandbox environments. The RAT should be removed from i
3Crypt RAT is a Remote Access Trojan targeting macOS systems. The moment it executes, it performs thorough profiling of the infected machine - collecting hardware identifiers, reading the device's security settings, mapping the network, and enumerating every running process. It then installs mul
We have inspected this page and determined that it is a scam. It impersonates an Apple security notice, falsely claiming that the visitor's iPhone has been infected with 44 viruses. Apple Inc. is a legitimate technology company and has no connection to this scheme. Pages like this push users towar
After inspecting this email, we determined that it is spam. These letters operate as sextortion scams. They make false claims about the recipients' devices being infected with malware and subsequently used to obtain compromising recordings. The fake emails demand payment under threat of the conten
During our examination of dubious websites, our researchers discovered proposal-stacks[.]co, a page imitating the official Stacks platform. It promotes a fake voting rewards program, claiming participants who vote will receive a bonus $STX allocation upon launch. In reality, this site is a cryptoc
We have examined this email and determined it is a scam. The message is crafted to look like an official billing notification from Intuit QuickBooks, falsely claiming that a subscription payment could not be processed. The goal is to pressure recipients into calling a fraudulent phone number, wher
Evolution is a Go-based information-stealing malware that collects sensitive data from a wide range of applications and accounts, including web browsers, VPN clients, and gaming accounts. The malware is used to harvest information that can be misused for unauthorized access or resale. Victims may