During an investigation of dubious websites, our researchers discovered jupag[.]pro - a page built to mimic the legitimate Jupiter platform. The site falsely claims that visitors have frozen JUP token allocations waiting to be claimed. In reality, it is a cryptocurrency drainer designed to steal d
PhantomCard and NFCShare are two researcher-given names for the same Android banking trojan, which uses NFC relay attacks to steal contactless payment card data and PINs. ThreatFabric named the Brazil-targeting build PhantomCard; D3Lab named the Italy-targeting build NFCShare. Both are regional va
NANOREMOTE is a backdoor - a type of malware that opens a hidden channel on an infected computer so that attackers can issue commands and deliver additional payloads at any time. According to research by Elastic Security Labs, NANOREMOTE is part of the REF7707 threat campaign and is closely relate
We have examined this email and concluded that it is an advance-fee scam. The message falsely claims the recipient has won one million dollars through a fictional prize program called "Facebook Casino Online Promotions." There is no prize. Recipients who engage will eventually be pressured into pa
We have examined this email and determined it is a phishing scam impersonating American Airlines. The message falsely claims the recipient's account information has been updated, then pressures them to verify their account through a fraudulent link. Anyone who enters credentials on the resulting p
GodDamn is ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. It encrypts files and appends a unique victim ID and the .God8Damn extension to their filenames. It also creates a ransom note in a text file named README.TXT. On our test
We have examined this email and concluded that it is a phishing scam. The message is designed to appear as an account alert from an email support service, falsely claiming the recipient's mailbox was restricted due to a server error. It pushes recipients to click a link leading to a fake login pag
We have inspected this email and determined it is a phishing scam. The message falsely claims that a trojan virus was detected on the recipient's email account and directs them to follow steps to secure it. Clicking the provided link leads to a fraudulent page designed to steal email credentials.
While investigating suspicious websites, our team came across ledger-staking.pages[.]dev, a page posing as an official Ledger staking platform. It promises visitors they can stake Ethereum (ETH) and earn passive rewards through the Ledger Live app. In reality, it is a cryptocurrency drainer design
gadgetech.info is a search engine promoted through various browser hijackers and unwanted applications. It does generate its own search results, but those results lean heavily on sponsored advertisements and links to questionable websites. For this reason, gadgetech.info is considered an unreliabl