DebugElevator is a credential-stealing malware distributed via a supply chain attack on popular Laravel PHP developer packages. According to research by StepSecurity, Aikido Security, and Socket, attackers compromised four Laravel Lang repositories and injected a dropper that silently downloads an
We have inspected this email and determined it is a phishing scam. Disguised as a routine service notification from Dropbox, it lures recipients into visiting a fraudulent website that steals their email account credentials. This email should be ignored. The email claims the recipient is n
After inspecting this email, we determined that it is a scam. The message pretends to be a security notification from Microsoft Outlook warning that the recipient's email client is out of date. Its real purpose is to push people onto a fake login page that steals email account credentials. The ema
During a routine investigation, our researchers discovered search-crown.com - a fake search engine that is promoted through various browser hijackers and unwanted browser extensions. Users whose browsers are affected by this type of software are redirected to search-crown.com without their consen
While investigating suspicious websites, our research team discovered the underont[.]com rogue page. It uses a fake human verification prompt to trick visitors into allowing browser notifications. Once permission is granted, underont[.]com delivers misleading alerts and advertisements that can exp
Our researchers discovered prozonelarantix.co[.]in while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Prozonelarantix.co[.]in presents visitors
Our researchers discovered nomososkledne[.]com while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Most visitors reach pages like this via redirects cau
OverlayPhantom is an Android banking trojan that targets more than 180 banking, financial, and cryptocurrency applications across ten countries. Once installed, it hides under the name "Google Play Services" and overlays fake login screens on top of real banking apps to steal credentials. OverlayP
BTMOB RAT is an Android Remote Access Trojan sold to cybercriminals under a malware-as-a-service model. It gives attackers broad control over infected devices, including the ability to steal data and spy on victims in real time. According to research by ESET, BTMOB RAT was first documented in Febr
While investigating suspicious websites, our research team discovered the jartibbinght[.]com rogue page. After examining it, we determined that it uses deceptive tactics to trick visitors into enabling browser notifications, and then redirects them to other unreliable or harmful sites. Most visito