Poseidon is a stealer-type malware targeting macOS devices. This malicious program seeks to acquire files, log-in credentials, cryptowallets, and other sensitive information. In the early summer of 2024, Poseidon was observed proliferating via malicious Google ads. As mentioned in the in
After inspecting "$CRV Supply", we determined that it is a scam. It imitates the Curve Finance platform (curve.fi). The scheme is supposedly running a poll, the participants of which will receive a booster on all platform deposits. Instead, the scam operates as a cryptocurrency drainer. Victims r
Moresearchhh.com is the address of a fake search engine – a page that supposedly operates as an Internet search site yet cannot generate search results. Websites of this kind are typically promoted (via redirects) by browser hijackers. Fraudulent search engines are considered a minor privacy threa
After investigating the "Redundancies Across The Organization" email, we determined that it is malspam. This malicious mail is presented as the recipient's termination notice from their place of employment. The email attachment supposedly details the layoff and final payment. Instead, the attache
Ragnoocie[.]com is a rogue webpage discovered by our researchers during a routine investigation of questionable sites. It promotes dubious content and spam browser notifications. Additionally, the page can redirect users elsewhere (likely untrustworthy/hazardous) websites. Most visitors to webpag
We discovered the "Free Penguin NFT" scam while inspecting spam emails. This scheme is presented as the OpenSea platform (opensea.io) offering a free NFT (Non-Fungible Token). It operates as a cryptocurrency drainer. It must be emphasized that this giveaway is fake, and it is in no way associated
Snowblind is a piece of malicious software targeting Android devices. This malware has been around since at least early 2024. Snowblind is capable of variously manipulating applications; it has been leveraged against Southeast Asian banking apps. By far the most notable feature of this malicious
After inspecting "Humanitarian Aid To Palestinians", we determined that it is a scam. It imitates the website of the Anera humanitarian organization (anera.org). This scheme lures users into exposing their digital wallets to a crypto drainer by presenting it as a donation effort for Palestinians
Our research team discovered an installer containing PubQuo promoted by a deceptive webpage, which was accessed via a redirect generated by a Torrenting website using rogue advertising networks. PubQuo is a PUA (Potentially Unwanted Application). Software within this classification typically has
Rafel (also known as Ratel) is an open-source Remote Access Trojan (RAT) that targets Android devices. This program enables remote control over infected machines. Rafel can manipulate devices, steal data, and operate as ransomware. This RAT is compatible with Android versions 5 through 12 and has