Copybara is the name of an Android-type malware that operates as a RAT (Remote Access Trojan), spyware, and information stealer. This malicious program was first discovered in the autumn of 2021, and the latest variant emerged in November 2023. Copybara infiltrates systems under the guise of vari
NGate is an Android-specific malware. The goal of this software is to enable cyber criminals to make ATM withdrawals from victims' bank accounts. However, the technique used by NGate to facilitate this activity could be used for other malicious purposes. At the time of writing, this malware was u
Our researchers discovered Razrusheniye ransomware while investigating new submissions to the VirusTotal platform. Malicious programs within this category operate by encrypting data and demanding payment for the decryption. After we executed a sample of Razrusheniye on our test machine, it encryp
HZ RAT is a backdoor malware targeting macOS users (more precisely, users of DingTalk and WeChat versions for macOS). It is important to note that there is also a Windows version of HZ RAT malware. In order to avoid potential risks, victims should remove the malware from infected computers as so
Bull Checker is a malicious browser extension that operates as a cryptocurrency stealer. It modifies digital asset transactions to reroute them into wallets in the cyber criminals' possession. At the time of research, Bull Checker targeted Solana cryptocurrency (SOL). Upon installation, th
Cheana is an information stealer targeting three operating systems: Windows, Linux, and macOS. Cybercriminals behind Cheana utilize a deceptive website to distribute the malware. It is known that the attackers have previously offered seemingly legitimate VPN services but later started distributing
After investigating the "Compromise Of Your Digital Identity" email, we determined that it is malspam. This spam message claims that the recipient's digital identity might have been compromised. The personal information affected is detailed in the attachment document. Instead of containing any su
We have examined trksecurescanf[.]com and learned that the purpose of this deceptive page is to lure visitors into taking certain actions. Like most web pages of this type, trksecurescanf[.]com asks permission to send notifications. If encountered, trksecurescanf[.]com (or any similar site) should
During our examination of toptosearch.com, we noticed that it does not generate search results. Thus, we classified toptosearch.com as a fake search engine. We also found that toptosearch.com is promoted through an extension that functions as a browser hijacker. Users should avoid using toptosearc
During our inspection of IcuApp, we noticed that this application has no clear purpose. Moreover, it is hosted on a shady web page and distributed with other dubious programs. Therefore, users should avoid installing IcuApp (and the associated apps) to avoid potential security and privacy risks.