Our researchers discovered NotHere while browsing new malware submissions to the VirusTotal platform. We determined that NotHere is a ransomware-type program that encrypts files in order to demand payment for their decryption. After we executed a sample of this ransomware on our testing system, i
MetaRAT is a variant of the well-known PlugX Remote Access Trojan (RAT). It is written in the C/C++ programming language and supports C2 commands, such as collecting system information and executing commands. It also includes additional tools, such as a keylogger. If detected, MetaRAT should be re
CastleRAT is a recently discovered Remote Access Trojan (RAT). It is designed to provide attackers with stealthy and persistent access to compromised devices. There are two versions of CastleRAT - more and less sophisticated. The latter can collect system details, download additional payloads, exe
CyberSquad is ransomware, a type of malware that prevents access to files by encrypting them. In addition to encrypting files, CyberSquad replaces filenames with a random string of characters and the ".m1nus273" extension. For example, it renames "1.jpg" to "7b95a143.m1nus273", "2.png" to "3ae172d
We have reviewed the message and confirmed it is a phishing attempt disguised as a delivery alert. It includes a link leading to a deceptive website created to steal personal information. If recipients follow the provided instructions, they could lose access to their accounts and experience additi
We have checked the message and determined that it is a phishing email masquerading as a service notification. It contains a link to a fake website designed to pilfer personal information. If recipients fall for this scam, they may not be able to access their account (or accounts) and encounter ot
Our researchers discovered webmotion.co[.]in while browsing sites that use rogue advertising networks. This webpage promotes browser notification spam and redirects users to different (likely unreliable/dangerous) websites. Webmotion.co[.]in and analogous pages are primarily accessed via redirects
Vannettants[.]com is a rogue page that promotes spam browser notifications and redirects users to different (likely untrustworthy or harmful) websites. Most visitors to such webpages access them via redirects produced by sites using rogue advertising networks. In fact, our research team discovere
Our research team discovered the nopatizing[.]com rogue page while inspecting dubious websites. After examining this webpage, we learned that it promotes browser notification spam and generates redirects to various (likely unreliable/dangerous) sites. Most visitors to nopatizing[.]com and analogou
After inspecting this "Human Resources Report" email, we determined that it is fake. This spam message claims that the recipient can now access the monthly report from their HR department. This campaign aims to deceive recipients into disclosing their email account log-in credentials to a phishing