Mirax RAT is a Remote Access Trojan targeting Android devices. First analyzed by the Cleafy Threat Intelligence Team in March 2026, it primarily focuses on Spanish-speaking users and is designed to spy on victims, steal sensitive data, and silently route internet traffic through infected phones.
Beagle is a backdoor - a type of malware that gives attackers a hidden, persistent channel into an infected computer. According to research by Sophos X-Ops, it was distributed through a fake website designed to impersonate the legitimate Claude AI platform. Visitors were tricked into downloading
We have examined this email and determined it to be a scam. The message falsely claims the recipient has been selected to receive a large charitable donation from a famous person's foundation. It is a classic advance-fee fraud designed to extract money and personal information from unsuspecting re
We have examined this email and determined it is a phishing scam. Disguised as a security notice from corporate IT, the message falsely claims the recipient's password has expired and urges them to click a "Review" link. That link leads to a fake login page designed to steal email credentials. Thi
QUIC RAT is a Remote Access Trojan (RAT) that lets attackers secretly control infected Windows computers. Kaspersky researchers documented its use during a supply chain attack on Daemon Tools, a widely used Windows disc-imaging utility, in which trojanized installers signed with valid certificates
CallPhantom is a cluster of fraudulent Android applications distributed through the official Google Play Store. These apps falsely promised to retrieve call logs, SMS records, and WhatsApp history for any phone number. According to ESET researchers, the 28 apps in this campaign amassed over 7.3 mi
After inspecting this email, we determined that it is a phishing scam. The message is disguised as a business invitation to review a Request for Quotation (RFQ), but its real purpose is to send recipients to a fake email login page that steals account credentials. The email should be ignored to av
Our researchers investigated Search Control for Chrome and found it to be a browser hijacker. This extension changes the browser's default search engine to search.capredirectapp.com - a fake search engine that cannot generate its own results. Users who have Search Control for Chrome installed are
During an investigation of dubious websites, our researchers discovered jupag[.]pro - a page built to mimic the legitimate Jupiter platform. The site falsely claims that visitors have frozen JUP token allocations waiting to be claimed. In reality, it is a cryptocurrency drainer designed to steal d
PhantomCard and NFCShare are two researcher-given names for the same Android banking trojan, which uses NFC relay attacks to steal contactless payment card data and PINs. ThreatFabric named the Brazil-targeting build PhantomCard; D3Lab named the Italy-targeting build NFCShare. Both are regional va