SnipBot is a variant of RomCom remote access Trojan (RAT) that allows attackers to execute commands on a victim's system and download additional modules. The new variant employs a custom obfuscation technique along with advanced anti-analysis methods. Threat actors have been observed distributing
Our examination of ladsnow[.]com has revealed that the purpose of this web page is to deliver shady notifications. However, it cannot send them without user permission. To obtain this permission, ladsnow[.]com utilizes clickbait (a deceptive method). Users should not trust ladsnow[.]com and avoid
Our research team discovered this "Claim Aerodrome Rewards" scam, as promoted on distribution-aerodrome-6uo.pages[.]dev (could also be hosted elsewhere), during a routine investigation of suspect sites. This fake platform claims to be distributing various rewards. It operates as a cryptocurrency d
After inspecting the "Samples Of The Product" email, we determined that it is spam. It is presented as a potential purchase order. The spam mail enticed recipients into visiting a phishing website that targets their email account log-in credentials. It must be stressed that the information in thi
Miwgh.co[.]in is a rogue webpage that is designed to promote browser notification spam and redirect visitors to different (likely dubious/malicious) websites. The majority of users access pages like this via redirects caused by sites that utilize rogue advertising networks. Our research team disc
Octo2 is a new version of the Octo banking Trojan targeting Android users. Compared to the old version, the Octo2 includes improved RAT capabilities and anti-analysis and anti-detection techniques. If there is a reason to suspect that a device is infected with Octo2, a scan using a reputable secur
Our inspection of the site (claim-wallstreetmemes.pages[.]dev) has shown that it is one of the scams involving fraudulent offers to participate in an airdrop (cryptocurrency giveaway). The scammers behind these scams aim to trick individuals into taking actions that can result in huge financial lo
While investigating deceptive sites, our researchers discovered the "Claim $REZ" scam. It was endorsed on renzoprotocal.pages[.]dev, but it could be hosted elsewhere. The scheme is presented as an airdrop. However, this "Claim $REZ" page functions as a cryptocurrency drainer. Victims of this scam
Vilsa is a malicious program classed as a stealer. As the class implies, this malware is designed to extract and exfiltrate vulnerable data from compromised machines. Most stealers target log-in credentials (usernames/passwords) of various accounts, personally identifiable information, and finance
Crystal Rans0m is ransomware developed in Rust programming language. During our analysis, we noticed that it not only encrypts files but also steals information. Unlike most ransomware variants, Crystal Rans0m does not append any extension to the encrypted files. The ransom note provided by this r