OctoRAT is a remote access Trojan built on the .NET platform. The malware supports over 70 commands, employs persistence methods, and has various ways to bypass UAC and elevate privileges, as well as broad information-gathering capabilities. The functionality and overall design indicate that it is
We have checked this website (testnet-lifeai[.]org) and found that it imitates the original LIFE AI site (lifeai.io). This fraudulent copy is designed to trick visitors into believing that they can receive free tokens. However, it is not a real airdrop and the true purpose of this scam is to steal
Our examination of gerrevitergene.co[.]in shows that it relies on misleading content to pressure visitors into allowing notifications. Once permission is given, it typically sends false alerts and other deceptive notifications that lead users to various unreliable websites. Overall, gerrevitergene
Sysdoz is ransomware that our team has found while inspecting malware samples uploaded to VirusTotal. We have discovered that Sysdoz encrypts files and changes their filenames, and provides a ransom note ("README.TXT"). It appends the victim's ID and the ".sysdoz" extension to filenames. For exam
We have inspected the message and found that it is a phishing email. It is disguised as a notification regarding an email address authentication. Its purpose is to trick recipients into opening the provided website and entering personal information. Victims of this scam may have their accounts com
StreamSpy is a newly identified Trojan used by the Patchwork (APT-Q-36) threat group. It communicates with its command server using both WebSocket and HTTP, utilizing WebSocket for receiving instructions and sending results, and HTTP for tasks such as file transfers. StreamSpy has similarities wit
This "Railgun Rewards" scam masquerades as the RAILGUN protocol. It states that users have unclaimed rewards worth over one thousand US dollars. The scam is not associated with RAILGUN. The goal is to deceive victims into exposing their digital wallets to a cryptocurrency drainer. IMPORTANT
After reviewing this "Email Address Will Be Deactivated As A Security Measure" message, we determined that it is spam. It claims that the recipient's email address will be deactivated, and to avoid service disruptions – the records must be updated. The goal is to trick users into exposing their em
Our researchers discovered this fake "Griffain" site during a routine investigation. It impersonates the Griffain platform and operates as a cryptocurrency drainer. Essentially, victims' digital assets are transferred to scammer-owned wallets. IMPORTANT NOTE: We do not review crypto projects
While browsing dubious websites, our research team discovered the fake "EtherLens Rewards" page. It operates as a cryptocurrency drainer and lures victims into exposing their digital wallets by promising Ethereum (ETH) cryptocurrency rewards. IMPORTANT NOTE: We do not review crypto projects,