GHOSTFORM is a .NET-based remote access trojan (RAT) that combines multiple attack capabilities into a single binary and executes PowerShell scripts directly in memory. It uses evasion techniques such as invisible Windows forms and delayed execution timers to help avoid detection. If detected, GHO
Oblivion RAT is a remote access Trojan that allows attackers to control Android devices remotely. It is sold as a malware-as-a-service (MaaS), with prices ranging from $300 per month to $2,200 for lifetime access. The service provides tools to create infected apps, fake update pages to trick users
Our team has analysed the email and found that it contains a fraudulent alert regarding a firmware update. The message is designed to appear as if it comes from Ledger, a legitimate cryptocurrency hardware wallet provider. The fraudsters behind this scam attempt to lure recipients to a fraudulent
We have examined the email and discovered that it is a scam. It is presented as a message (a security alert) from Ledger, a legitimate company that produces hardware wallets for cryptocurrency. The scammers behind this deceptive email aim to trick recipients into opening a fake website and enterin
Our team has inspected the message and found that it is disguised as a legitimate honeymoon-related customer service request. However, it contains a link designed to download a malicious file. Interacting with the downloaded file can result in a system infection. Thus, recipients should ignore thi
We have reviewed the message and found that it is a phishing attempt crafted to appear as a notification from an email service provider. The scammers behind this scam campaign aim to trick recipients into sharing personal information on a deceptive site. Victims of this scam may experience account
Upon inspecting the website (overview-keeta[.]pro), we concluded that it mimics the original Keeta page (keeta.com) to trick visitors into believing that they can receive rewards. The fraudulent version is designed to trick unsuspecting individuals into taking actions that can result in the theft
During our examination of prisporbinagena[.]com, we uncovered that the purpose of this website is to trick visitors into agreeing to receive its notifications. Like most similar pages, prisporbinagena[.]com uses clickbait to get permission to send notifications. Trusting such sites can expose user
Our inspection shows that this is a phishing email designed to appear as a notification from an email service provider. The email includes a link to a fake website crafted to trick visitors into entering personal information. The scammers behind it seek to gain access to email and possibly other a
We have reviewed the site (airdrop.tariprotocol[.]com) and determined that it is a scam page posing as the original Tari platform, airdrop.tari.com. The fraudulent copy is operated by scammers who seek to steal cryptocurrency from unsuspecting visitors. It should not be trusted to avoid financial