Step-by-Step Malware Removal Instructions

RemotePE RAT
Phishing/Scam

RemotePE is a Remote Access Trojan (RAT) attributed to the Lazarus Group, a North Korean state-sponsored hacking collective. According to research by Fox-IT, RemotePE runs entirely in memory and never writes itself to disk, making it extremely difficult to detect with conventional security softwar

Email Deliverability Notice Scam
Phishing/Scam

After examining this email, we determined that it is a phishing scam. The message poses as an automated alert from a mail security service, claiming the recipient's email deliverability settings need immediate attention. It tricks recipients into clicking a link that leads to a fake website design

cPanel Mailbox Removal Email Scam
Phishing/Scam

We have examined this email and determined it is a phishing scam. It impersonates cPanel Webmail with a false claim that the recipient's mailbox is pending deletion. The scammers behind it seek to steal email login credentials, and the message should be ignored to avoid account compromise.

Red Kitten Crew ($RKC) Airdrop Scam
Phishing/Scam

During our investigation of dubious websites, our team examined tokendisbursement[.]xyz and found that it promotes a fake cryptocurrency airdrop for Red Kitten Crew ($RKC) tokens. The site claims to offer an official distribution of $RKC on the Solana ecosystem. In reality, it is a fraudulent page

Fake OpenClaw AI Website Scam
Phishing/Scam

During our examination of dubious websites, our researchers came across opneclawai[.]top - a fraudulent page mimicking the legitimate OpenClaw AI platform (openclaw.ai). The site poses as an AI-powered trading analyst for Solana tokens and prompts visitors to connect their cryptocurrency wallets.

$NEAR Points Allocation Checker Scam
Phishing/Scam

While inspecting suspicious pages, our researchers came across nearprotocol-checker[.]xyz, a website pretending to be tied to the NEAR Protocol. It promotes a fake "$NEAR Points Allocation Checker" and is built to drain cryptocurrency from wallets that connect to it. IMPORTANT NOTE: We do no

Your Order Is On The Way Email Virus
Phishing/Scam

We analyzed this email and found it to be malspam. The message poses as a shipping notification, urging recipients to click a link to check their order and tracking details. The link leads to a fraudulent website that silently downloads a trojanized remote access tool onto the visitor's device. Th

Phishing Email Attack Scam
Phishing/Scam

We have examined this email and determined it is a phishing scam. The message is disguised as an urgent security notice from an internal IT team, urging recipients to verify their email account ownership. It should be ignored to avoid having email credentials stolen by cybercriminals. The

LinkedIn Collaboration Email Scam
Phishing/Scam

We have examined this email and determined it is a scam. It is crafted to appear as a business inquiry from a LinkedIn buyer, complete with what claims to be a signed contract attachment. The file attached is a malicious HTML document that, when opened, displays a fake LinkedIn login page designed

Gines Ransomware
Ransomware

Gines is ransomware belonging to the Makop family. We discovered it while examining new malware samples submitted to the VirusTotal website. It encrypts files, appends a complex extension to their filenames, drops a ransom note, and changes the desktop wallpaper. On our test machine, Gines append