Our researchers found an installer containing the Temeliq Ultra Touch PUA (Potentially Unwanted Application) while browsing deceptive websites. These apps usually have harmful abilities, and upon analysis, we discovered that Temeliq Ultra Touch acts as a dropper for the Legion Loader malware.
Our researchers discovered DarkMystic while investigating new submissions to the VirusTotal platform. This program belongs to the BlackBit ransomware family. Malicious software within this classification encrypts data and demands payment for the decryption. On our testing system, DarkMystic (Blac
While browsing new submissions to VirusTotal, our research team discovered the Jeffery ransomware. Malicious programs within this category are designed to encrypt data and demand payment for the decryption. On our test machine, Jeffery malware encrypted files and appended their filenames with a "
VerdaCrypt is a ransomware-type program found by our researchers during a routine inspection of new malware submissions to VirusTotal. Ransomware encrypts victims' data and demands payment for its decryption. After we executed a sample of VerdaCrypt on our test machine, it encrypted files and add
After inspecting this "iToken" presale – we determined that it is fake. When users attempt to take part in the presale event, they are deceived into disclosing private information through a bogus registration process. It must be emphasized that this scam is in no way associated with Apple Inc. or
After reading this "We Hacked Your System" email, we determined that it is spam, specifically – a sextortion scam email. This message threatens to leak an explicit video of the recipient to their contacts unless the blackmailer is paid. It must be emphasized that all the claims in this message are
Neptune is a Remote Access Trojan (RAT) written in the Visual Basic (.NET) programming language. Trojans of this kind enable remote access and control over compromised machines. Neptune is a highly multi-functional piece of malicious software. There have been several variants of this RAT. At the
TROX is a stealer-type malware written in several programming languages. This malicious program has been around since at least 2024. It seeks to extract sensitive information from infected systems, including credit card details and cryptowallets. It is offered as MaaS (Malware-as-a-Service) with
While browsing suspicious websites, our researchers discovered the apphonest[.]monster rogue page. It is designed to promote deceptive content and browser notification spam. This webpage can also redirect users elsewhere (likely dubious/hazardous sites). Most visitors access apphonest[.]monster an
After inspecting this "Direction Générale Des Finances Publiques" email, we determined that it is fake. This message is presented as a notification regarding the recipient's documents on the General Directorate of Public Finances, a branch of the Ministry of Economics and Finance. Typically, ema