PlainGnome is an Android-specific spyware. It is designed to record and steal vulnerable information from infected devices. PlainGnome emerged in 2024. This malware is associated with Gamaredon (also known as Primitive Bear and Shuckworm) – a Russian state-backed threat actor, specifically affili
BoneSpy is an Android-targeting spyware that has been around since at least 2021. This malicious program has its basis from the Russian open-source surveillance software DroidWatcher. BoneSpy is associated with a Russian threat actor dubbed Gamaredon (aka Primitive Bear and Shuckworm). This group
Our discovery of X101 occurred during the inspection of samples submitted to VirusTotal. Upon examining X101, we concluded that it is ransomware that encrypts files, generates a ransom note ("!!!HOW_TO_DECRYPT!!!.TXT"), and renames files by appending the victim's ID and ".X101" extension. For ins
Our examination of the "Failed Login Attempt" email revealed that it is spam. It promotes a phishing scam that targets email log-in credentials. This deceptive message claims that a failed sign-in attempt has been registered on the recipient's account. The spam email with the subject "UNUS
Our team has studied streamads-site[.]com and learned that it presents deceptive content to obtain permission to show notifications. If permitted, streamads-site[.]com can send fake warnings and other misleading notifications to promote potentially malicious pages. Thus, streamads-site[.]com shoul
We have reviewed the email and found it to be a phishing email. Scammers behind this email aim to trick recipients into thinking they received a notification from an email service provider. The goal is to steal personal information through a deceptive website. Recipients should not respond to this
Our team has examined labsecur[.]site and found that it hosts the "TROJAN_2023 And Other Viruses Detected (5)" scam. Also, labsecur[.]site requests permission to show notifications. Granting this site permission to send notifications can expose users to more scams and other risks. Thus, users shou
Our examination of the "Account Services Have Been Marked For Suspension" email revealed that it is spam. The fake message claims that the recipient's account is pending suspension due to violations of the service's terms and conditions. This spam mail promotes a phishing website that targets emai
Our discovery of Starcat occurred while inspecting malware samples submitted to VirusTotal. Upon examining Starcat, we concluded that it is ransomware that encrypts files (and makes them hidden after encryption) on the infected device. Also, Starcat changes the desktop wallpaper, creates a ransom
Our team has inspected the email and discovered that it is designed to trick recipients into believing they have received a document and follow the provided instructions. The ultimate goal is to extract personal information via a fake web page. In essence, this is a phishing email and it should be