CastleStealer is an information stealer that targets Windows computers. It is delivered by a custom Windows loader called OXLOADER, which handles the initial infection and drops the stealer payload onto the compromised system. Elastic Security Labs researchers documented the campaign and identifi
We have inspected this email and determined that it is a phishing scam. The message poses as a routine IT department notice about mailbox storage and security maintenance. It aims to trick recipients into entering their email credentials on a fraudulent login page. This email should be ignored.
We have examined this "We Have Processed Your Payment" email and concluded that it is a phishing message. It is disguised as a payment notification from AccertaClaim ServiCorp Inc. and tries to lure recipients into signing in on a fraudulent webpage. Anyone who receives this email should ignore it
We have examined this email and determined it is a phishing scam. The message is disguised as a document notification from DocuSign, falsely claiming that an outstanding invoice is ready for the recipient's review and signature. Clicking the provided button leads to a fake webmail login page desig
After inspecting this email, we determined that it is a scam. The message is designed to appear as a vendor registration invitation from Flydubai Aviation Group. The scammers behind it seek to trick businesses into sharing sensitive information and eventually paying fake fees. This letter should b
We have examined this email and determined it is a phishing scam. The message is disguised as a business order inquiry, with a link that appears to lead to legitimate documents but instead opens a fake login page designed to steal email credentials. Recipients should ignore this email to avoid hav
We inspected the Pure Safety browser extension and found it has the traits of a browser hijacker. Once added to a web browser, it changes certain settings to promote pureextension.net, which is a fake search engine. The extension claims to display website safety scores directly in browser search
We inspected this email and found it to be a phishing scam. The message pretends to be a payslip notification sent from an employer's payroll department. Its real goal is to steal email login credentials by directing recipients to a fake webmail page. The email should be ignored. The email
Prinz Eugen is ransomware written in the Go programming language and first publicly documented by ThreatDown; our team also examined samples submitted to VirusTotal. It encrypts files and appends a .prinzeugen extension to every affected filename, making them impossible to open. On our test machi
During our investigation of suspicious websites, we examined tkstio.pages[.]dev and found it promotes a fake cryptocurrency airdrop for $TKST tokens. The site is designed to trick visitors into connecting their cryptocurrency wallets, which activates a drainer that silently moves funds to the scam