PhantomPulse is a remote administration Trojan (RAT) developed using artificial intelligence (AI). It targets both Windows and macOS users. It is known that attacks often begin using a tool called Obsidian to gain access to devices. Usually, cybercriminals use RATs like PhantomPulse to steal infor
OmniStealer is an information stealer targeting cryptocurrency wallets, web browsers, and other applications (and accounts). It is commonly delivered using GitHub repositories. Victims of OmniStealer attacks can encounter issues such as identity theft, financial loss, account hijacking, reputation
Our analysis shows that register-tether[.]xyz is a deceptive website designed to look like the official Tether page (tether.io). It offers rewards in exchange for voting, but its real purpose is to trick visitors into following instructions that can lead to the theft of their cryptocurrency. This
KRYBIT is ransomware that our team discovered while examining malware samples uploaded to VirusTotal. Once executed, it encrypts files and appends the ".KRYBIT" extension to files. For instance, it renames "1.jpg" to "1.jpg.KRYBIT", "2.png" to "2.png.KRYBIT", and so on. KRYBIT also drops a ransom
Infiniti is an information stealer targeting macOS users. Cybercriminals were observed distributing it via ClickFix, a deceptive social engineering technique. Infiniti is designed to steal various information, including browser credentials, Keychain entries, and cryptocurrency wallet data. If de
We have inspected the website (makealiensgreatagain[.]app) and found that it is a copy of the original Make Aliens Great Again platform (makealiensgreatagain.com). The fraudulent version is designed to steal cryptocurrency from victims through a malicious tool. It should be avoided to prevent fina
Our team has determined that this is a scam involving a legitimate website (GitHub platform) and a fake application uploaded to it. The distributed application is flagged as malicious by multiple security vendors. Thus, installing it may lead to identity theft, financial loss, or other issues. Use
Net is ransomware that we uncovered while examining malware samples submitted to VirusTotal. After execution, Net makes files inaccessible by encrypting them. Also, the ransomware appends the ".net6" extension to files (the number in it may vary) and provides a ransom note ("Recovery_Instructions.
notnullOSX is an information stealer written in the Go programming language. It targets macOS users and is used to steal cryptocurrency from victims. Threat actors distribute notnullOSX using a ClickFix technique and infected DMG files. If this malware gets detected on a device, it should be rem
Our team has discovered that cybercriminals compromised the official Harvard website (hir.harvard.edu) and injected ClickFix. By exploiting access to a trusted, reputable domain, the attackers were able to host malicious content that appears legitimate, increasing the likelihood that visitors woul