EKZ Stealer is an information stealer designed to silently extract saved passwords, cookies, autofill data, and payment card details from web browsers on infected Windows computers. According to research by Arctic Wolf, it was first observed in May 2026 as part of a campaign targeting organization
While investigating suspicious websites, our researchers came across vote-flarefoundation[.]com, a fraudulent page impersonating the official Flare Network platform. The site lures visitors with a fake "FLR Season 2" voting rewards event. Its actual purpose is to steal cryptocurrency through a wal
DebugElevator is a credential-stealing malware distributed via a supply chain attack on popular Laravel PHP developer packages. According to research by StepSecurity, Aikido Security, and Socket, attackers compromised four Laravel Lang repositories and injected a dropper that silently downloads an
We have inspected this email and determined it is a phishing scam. Disguised as a routine service notification from Dropbox, it lures recipients into visiting a fraudulent website that steals their email account credentials. This email should be ignored. The email claims the recipient is n
After inspecting this email, we determined that it is a scam. The message pretends to be a security notification from Microsoft Outlook warning that the recipient's email client is out of date. Its real purpose is to push people onto a fake login page that steals email account credentials. The ema
During a routine investigation, our researchers discovered search-crown.com - a fake search engine that is promoted through various browser hijackers and unwanted browser extensions. Users whose browsers are affected by this type of software are redirected to search-crown.com without their consen
While investigating suspicious websites, our research team discovered the underont[.]com rogue page. It uses a fake human verification prompt to trick visitors into allowing browser notifications. Once permission is granted, underont[.]com delivers misleading alerts and advertisements that can exp
Our researchers discovered prozonelarantix.co[.]in while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Prozonelarantix.co[.]in presents visitors
Our researchers discovered nomososkledne[.]com while investigating dubious websites. After examining this rogue page, we determined that it promotes browser notification spam and generates redirects to other (likely unreliable/dangerous) sites. Most visitors reach pages like this via redirects cau
OverlayPhantom is an Android banking trojan that targets more than 180 banking, financial, and cryptocurrency applications across ten countries. Once installed, it hides under the name "Google Play Services" and overlays fake login screens on top of real banking apps to steal credentials. OverlayP