Massiv is a banking Trojan aimed at Android devices. It allows threat actors to take control of infected phones and carry out fraudulent transactions from the victim's bank accounts. Cybercriminals disguise Massiv as IPTV apps to trick users searching for online TV services. If detected on a devic
We analyzed cynovira[.]com and found that it uses clickbait to lure visitors into enabling notifications. These notifications may show misleading content and direct users to untrustworthy websites. Users should be cautious with sites like cynovira[.]com and avoid following the instructions they pr
PromptSpy is an Android malware that uses generative AI for persistence. It uses Google Gemini to analyze what appears on the infected device's screen and determine how to remain active in the recent apps list. This helps the malware keep running in the background. Its main goal is to install a VN
BoryptGrab is malware that steals information from infected devices in various ways. It spreads through fake GitHub pages offering free software. It is important to note that during the attack chain involving BoryptGrab, another malware, a backdoor known as TunnesshClient can be injected. If detec
VKontakte (VK)-themed account hijackers are malicious extensions that masquerade as VKontakte customization tools but actually take over VK accounts. There are at least five fake extensions (mentioned in our article below) that contain malware and are designed to perform specific tasks. If any of
The Trojanized version of the RedAlert app looks like the real app, but it secretly injects spyware on the device. It is distributed via SMS phishing (smishing) messages instructing recipients to download an urgent update. The purpose of the malicious application version is to collect sensitive pe
Our team has inspected the email and found that it is a phishing attempt. The scammers designed it to look like an important notification from the email service provider to trick recipients into opening a fraudulent website. Their goal is to steal personal information that can be used to hijack ac
Our analysis shows that iscans[.]pro is a fraudulent website created to steal cryptocurrency. The site pretends to provide a cryptocurrency tracking tool to attract potential victims. People who fall for these scams typically lose their funds permanently. For this reason, iscans[.]pro should not b
QuickLens - Search Screen with Google Lens is promoted as an extension for searching a screen or any image for product details, translations, and more. However, this extension is actually considered as a malware. It contains malicious scripts designed to harvest sensitive information and launch Cl
We have examined the website (waronsoi[.]pro) and concluded that it is a fraudulent site designed to steal cryptocurrency. It promises free tokens as a lure. Victims of such scams usually permanently lose their crypto. Thus, waronsoi[.]pro should be avoided and closed if ever encountered. IM