Our analysis has revealed that this is a scam email disguised as a message from the IT security team. It urges recipients to click the provided link to avoid issues with their account. The purpose of this phishing email is to steal personal information through a deceptive website. Recipients shoul
GopherRAT is a custom remote access Trojan (RAT) written in Go that connects to an attacker's server using an encrypted channel. Usually, cybercriminals use RATs to steal information, deploy additional malicious tools, deliver malware to other users, and for other malicious purposes. If a system i
DotStealer 2.0 is a malicious program written in the C++ programming language. It is designed to exfiltrate sensitive information from compromised devices. This stealer-type malware also possesses spyware capabilities, such as keylogging. DotStealer 2.0 has been observed being infiltrated
StarshellRAT is a Remote Access Trojan (RAT) written in the C# programming language. Trojans within this classification are designed to enable attackers to access and control machines remotely. StarshellRAT has been utilized in 2025 by a North Korean state-backed threat actor group dubbed "Andari
While investigating questionable websites, our research team found the news-pekota[.]cc rogue page. It operates by endorsing browser notification spam and redirecting visitors to different (likely untrustworthy/harmful) sites. The majority of visitors to news-pekota[.]cc and analogous webpages acc
JelusRAT is a remote access trojan (RAT) that provides remote control over the infected computer. The RAT is written in C++ and uses a loader that unlocks (decrypts) the main malware. Once decrypted, the malware runs directly in memory, instead of being saved as a separate file, making it harder t
Monvertic[.]com is a rogue website discovered by our researchers during an inspection of untrustworthy sites. This page promotes deceptive content (scams) and browser notification spam. It also causes redirects to different (likely unreliable/hazardous) websites. Most users access monvertic[.]com
Our researchers found this fake "BULLFIREX" airdrop during a routine inspection of suspicious websites. After further investigation, we determined that this deceptive page operates as a cryptocurrency drainer – by stealing digital assets from exposed cryptowallets. IMPORTANT NOTE: We do not
While inspecting new submissions to the VirusTotal website, our researchers discovered the Milkyway ransomware. Malware of this kind is designed to encrypt files and demand payment for the decryption. After we executed a sample of this software on our test machine, it encrypted files and added a
Our review of this website (trumpluck[.]hk) shows that it is a scam. It tries to attract individuals by promising a "special bonus" but is actually designed to deceive them. Engaging with the site could lead to losing money (cryptocurrency) or having personal information stolen (or both). It is st