WebSocket is the name of a Remote Access Trojan (RAT). This malware allows attackers to access/control devices remotely. It was used in a highly targeted phishing campaign that involved six months of planning and was executed on the 8th of October, 2025. It was designed for maximum efficacy and th
Vidar 2.0 is a new release of the Vidar malware, rewritten in C programming language and capable of multi-threaded data stealing. It defeats Chrome's app-bound encryption and includes advanced evasion features. Stolen data is sent to delivery channels like Telegram bots and Steam profile URLs.
After inspecting "Your Email Has Stopped Working", we determined that this email is spam. It claims that the recipient can no longer send messages because their mailbox has exceeded its storage capacity. This spam campaign aims to trick recipients into revealing their email log-in credentials to a
After reviewing this "Routine Account Check" email, we determined that it is spam. It instructs the recipient to verify their account settings to avoid mail service interruptions. The purpose of this spam campaign is to lure recipients into disclosing their email account log-in credentials to a ph
Our analysis indicates that gravixluno.co[.]in is a malicious website designed to trick visitors into enabling its notifications. Allowing notifications from this site can result in persistent, misleading alerts that may lead to websites that can compromise security and privacy. Therefore, gravixl
We have analyzed the message and determined that it is a phishing email pretending to be a notification about an approved October salary. It includes a link to a deceptive website designed to extract personal information from visitors. This scam email should be ignored and deleted to avoid the ass
Our inspection has revealed that synicametion[.]com is an untrustworthy website created to lure visitors into accepting its notifications. If permitted, synicametion[.]com can flood users with annoying and misleading notifications that can expose them to security and privacy risks. Thus, synicamet
We have inspected jeiia.co[.]in and discovered that it is one of the numerous fraudulent websites designed to trick visitors into taking action that permits the page to show notifications. If permission is granted, jeiia.co[.]in can send deceptive notifications to promote other potentially malicio
Our team has inspected the email and concluded that it is a phishing attempt posing as a "critical email notice". Like most phishing emails, it includes a link to a fake website. Scammers use this email to trick recipients into entering personal information on the deceptive page. This emai
Arrectines[.]com is a rogue webpage discovered by our researchers during a routine inspection of untrustworthy sites. Upon examination, we learned that it promotes browser notification spam and produces redirects to different (likely unreliable/hazardous) websites. The majority of visitors to arr