KarstoRAT is a remote access Trojan (RAT) that enables threat actors to steal information, execute commands, and perform other malicious actions on the infected device. The RAT disguises its command-and-control traffic as legitimate security software to avoid suspicion and uses persistence techniq
Our analysis shows that Osa is ransomware from the Makop family. We discovered this ransomware while analysing samples uploaded to VirusTotal. Once a device is infected, Osa encrypts files, appends its extension to files (".osa") along with the victim's ID and an email address, and creates a ranso
This article describes how cybercriminals abuse a legitimate remote administration tool called Teramind for malicious purposes. Remote access tools allow users to control or access a device from another location over the internet. When used by cybercriminals, they can secretly access a victim's de
We have examined the Zap PDF application and found that it is advertised as a tool for converting files. However, the app is flagged as malicious by multiple security vendors and can make adjustments in browser settings (it can hijack a browser). Installing Zap PDF can result in privacy and securi
We have inspected the email and concluded that scammers behind it seek to trick recipients into believing that it is a quarantine report from the email service provider. The email contains a link to a fake website designed to steal personal information. Victims of this scam may lose access to thei
Upon testing locate.oculabase.com, we found that it is a fake search engine promoted through an extension designed to hijack web browsers. This fake search engine does not generate results. Instead, it redirects users to other sites that may include fraudulent pages. The extension promoting locate
We have inspected the email and concluded that it is a phishing message posing as an authentication notice from the email provider. Its goal is to lure recipients into sharing personal data on a fraudulent website. Victims of this scam may encounter issues such as account hijacking and additional
LSD is ransomware designed to encrypt files. In addition to blocking access to files, it appends the ".lsd" extension to files and generates a ransom note ("LSD_README.txt"). For example, it renames "1.jpg" to "1.jpg.lsd", "2.png" to "2.png.lsd", and so forth. LSD also displays a full-screen ranso
SURXRAT is a remote access Trojan (RAT) that is sold as a malware-as-a-service (MaaS) via a Telegram-based platform. Analysis of its source code and features suggests that SURXRAT likely originated from Arsink RAT. The malware targets Android devices, can steal sensitive information, and can block
We have examined splumatorwrin[.]com and found that it uses clickbait to trick visitors into allowing it to send notifications. Those notifications can contain deceptive content and lead users to untrustworthy and potentially malicious sites. Users should be careful when encountering sites like sp