PromptSpy is an Android malware that uses generative AI for persistence. It uses Google Gemini to analyze what appears on the infected device's screen and determine how to remain active in the recent apps list. This helps the malware keep running in the background. Its main goal is to install a VN
BoryptGrab is malware that steals information from infected devices in various ways. It spreads through fake GitHub pages offering free software. It is important to note that during the attack chain involving BoryptGrab, another malware, a backdoor known as TunnesshClient can be injected. If detec
VKontakte (VK)-themed account hijackers are malicious extensions that masquerade as VKontakte customization tools but actually take over VK accounts. There are at least five fake extensions (mentioned in our article below) that contain malware and are designed to perform specific tasks. If any of
The Trojanized version of the RedAlert app looks like the real app, but it secretly injects spyware on the device. It is distributed via SMS phishing (smishing) messages instructing recipients to download an urgent update. The purpose of the malicious application version is to collect sensitive pe
Our team has inspected the email and found that it is a phishing attempt. The scammers designed it to look like an important notification from the email service provider to trick recipients into opening a fraudulent website. Their goal is to steal personal information that can be used to hijack ac
Our analysis shows that iscans[.]pro is a fraudulent website created to steal cryptocurrency. The site pretends to provide a cryptocurrency tracking tool to attract potential victims. People who fall for these scams typically lose their funds permanently. For this reason, iscans[.]pro should not b
QuickLens - Search Screen with Google Lens is promoted as an extension for searching a screen or any image for product details, translations, and more. However, this extension is actually considered as a malware. It contains malicious scripts designed to harvest sensitive information and launch Cl
We have examined the website (waronsoi[.]pro) and concluded that it is a fraudulent site designed to steal cryptocurrency. It promises free tokens as a lure. Victims of such scams usually permanently lose their crypto. Thus, waronsoi[.]pro should be avoided and closed if ever encountered. IM
We have checked the message and discovered that it is from scammers. This deceptive email is presented as a notification from an email service provider. It warns recipients about a supposedly detected fraudulent activity to trick them into opening a fake website. The purpose of this scam email is
GHOSTFORM is a .NET-based remote access trojan (RAT) that combines multiple attack capabilities into a single binary and executes PowerShell scripts directly in memory. It uses evasion techniques such as invisible Windows forms and delayed execution timers to help avoid detection. If detected, GHO