RDStealer is a data-stealing malware written in the Go programming language. This stealer's infection chain includes the Logutil backdoor – a type of malware designed to open a "backdoor" into a system to further the infection. Logutil is likewise based on Go, and it is a cross-platform malware ca
Our team discovered that vanttop[.]com is an untrustworthy page designed to lure visitors into granting it permission to send notifications. Users who visit vanttop[.]com are presented with misleading content (an image and text). It is worth noting that users rarely visit sites like vanttop[.]com
FadeStealer is an information stealer equipped with wiretapping capabilities. Additionally, it incorporates a backdoor created using GoLang, leveraging the Ably platform (a legitimate platform designed for instantaneous data transfer and messaging) as an exploit. It is known that FadeStealer is di
During our investigation of suspicious websites and associated advertisements, we came across a technical support scam site that displays a deceitful pop-up message falsely indicating that the Windows operating system is infected. Such pages are usually created with malicious intentions, aiming to
OnlyFans malware refers to a malware campaign that employs deceptive techniques involving counterfeit OnlyFans content and adult-themed lures. The primary objective of this campaign is to install a Remote Access Trojan (RAT) and potentially other forms of malware on the targeted systems. A RAT is
While inspecting au01[.]bid, our team discovered that this website presents deceptive content to receive permission to show notifications. Also, au01[.]bid redirects visitors to other pages. Our encounter with au01[.]bid occurred while examining pages associated with rogue advertising networks.
While investigating dubious websites, our researchers discovered the "your-result" browser extension. It promises to minimize webpage errors and provide site performance data. However, after examining this piece of software, we determined that it is adware. Adware stands for advertising-su
DefaultWindow is a rogue application classified as adware. We discovered this app while investigating new submissions to the VirusTotal site. DefaultWindow is designed to deliver intrusive advertisement campaigns, and it may have additional harmful abilities. This piece of advertising-supported
Calendar New Tab is a browser extension that we found while inspecting suspicious sites. It is endorsed as an extension that displays a calendar on the browser. However, Calendar New Tab makes changes to browser settings in order to generate redirects to the calendarnewtab.com fake search engine.
"Emails From A Trusted Sender" is a phishing email. It aims to trick recipients into disclosing their mail account log-in credentials by claiming that several emails failed to reach the inbox. The spam email with the subject "FYI: [recipient's_email_address] LAST WARNING; INCOMING MAIL BLO