StarshellRAT is a Remote Access Trojan (RAT) written in the C# programming language. Trojans within this classification are designed to enable attackers to access and control machines remotely. StarshellRAT has been utilized in 2025 by a North Korean state-backed threat actor group dubbed "Andari
While investigating questionable websites, our research team found the news-pekota[.]cc rogue page. It operates by endorsing browser notification spam and redirecting visitors to different (likely untrustworthy/harmful) sites. The majority of visitors to news-pekota[.]cc and analogous webpages acc
JelusRAT is a remote access trojan (RAT) that provides remote control over the infected computer. The RAT is written in C++ and uses a loader that unlocks (decrypts) the main malware. Once decrypted, the malware runs directly in memory, instead of being saved as a separate file, making it harder t
Monvertic[.]com is a rogue website discovered by our researchers during an inspection of untrustworthy sites. This page promotes deceptive content (scams) and browser notification spam. It also causes redirects to different (likely unreliable/hazardous) websites. Most users access monvertic[.]com
Our researchers found this fake "BULLFIREX" airdrop during a routine inspection of suspicious websites. After further investigation, we determined that this deceptive page operates as a cryptocurrency drainer – by stealing digital assets from exposed cryptowallets. IMPORTANT NOTE: We do not
While inspecting new submissions to the VirusTotal website, our researchers discovered the Milkyway ransomware. Malware of this kind is designed to encrypt files and demand payment for the decryption. After we executed a sample of this software on our test machine, it encrypted files and added a
Our review of this website (trumpluck[.]hk) shows that it is a scam. It tries to attract individuals by promising a "special bonus" but is actually designed to deceive them. Engaging with the site could lead to losing money (cryptocurrency) or having personal information stolen (or both). It is st
We have reviewed bridgetechportal[.]com and determined that it uses a misleading tactic to obtain permission to show notifications. If visitors allow the site to send notifications, they may be frequently bombarded with fake warnings, annoying advertisements, bogus warnings, and similar messages.
Our analysis has determined that gousoroil[.]lat is a fraudulent website, created to mimic the original United States Oil Reserve (USOR) site, usor.tech. It is used by scammers to trick visitors into taking actions that can lead to cryptocurrency theft. This fraudulent page should be avoided and c
We have inspected the message and found it to be a phishing email disguised as a notification from Wells Fargo regarding a processed payment. Usually, scammers use emails like this one to steal personal information. Falling for them can result in account hijacking and other issues. Thus, recipient