Step-by-Step Malware Removal Instructions

Typhon Stealer
Trojan

Typhon is a stealer-type malware written in the C# programming language. Newer versions of this program are called Typhon Reborn (TyphonReborn). Malware within this classification is designed to extract data from infected systems. The older variants of Typhon have a broader range of functionalitie

Qhelp.cc Scam
Phishing/Scam

While investigating scam emails (e.g., "Geek Squad Email Scam"), we discovered qhelp[.]cc - a scam website used to obtain remote access to computers. Scammers use qhelp[.]cc to trick visitors into installing remote access software via the downloaded "SupportClient.exe" file. Typically, scammers us

Homecarelesspower.click Ads
Notification Spam

Homecarelesspower[.]click is a rogue webpage that our researchers discovered while inspecting unreliable sites. This page runs scams, promotes spam browser notifications, and redirects visitors to other (unreliable/harmful) websites. Most users access webpages like homecarelesspower[.]click via r

Yt2conv.com Ads
Notification Spam

Yt2conv[.]com is a website that offers to convert YouTube links to downloadable MP3 audio files. In addition to this service breaking copyright laws, this site uses rogue advertising networks which are known to promote deceptive and malicious content. Websites using rogue advertising netwo

Search-Zone Browser Hijacker
Browser Hijacker

While inspecting deceptive sites, our research team discovered one endorsing the Search-Zone browser extension. After analyzing this piece of software, we learned that it operates as a browser hijacker. Search-Zone modifies browsers in order to cause redirects to the searchzone.xyz fake search engine.

Invoices Copies Are Not Clear Email Virus
Phishing/Scam

After examining this email, our team found that it was sent by cybercriminals who aim to trick recipients into infecting their computers with malware via malicious attachments. Threat actors claim that files attached to the email are invoices. The type of malware that is distributed via those file

EssentialModule Adware (Mac)
Mac Virus

While surfing deceptive pages, we discovered an application called EssentialModule. Our team tested this app and found that it displays annoying advertisements. Thus, we classified EssentialModule as adware. It is worth mentioning that users do not normally download and install adware knowingly.

TEXTIMA Export Email Virus
Phishing/Scam

After analyzing this "TEXTIMA Export" spam email, we determined that it is designed to infect recipients' devices with the FormBook malware. It must be emphasized that this scam mail is in no way associated with the actual Textima Export Import GmbH company. The spam email with the subject

DTrack Malware
Trojan

DTrack is a piece of malware capable of logging keystrokes, capturing screenshots, collecting browsing history, stealing files, injecting additional payloads, and more. Threat actors can use it to steal various sensitive information, infect computers with other malware, and for other purposes. It is

Ahmyth RAT (Android)
Trojan

Ahmyth is a Remote Access Trojan (RAT) targeting Android users. It is distributed via trojanized (fake) applications. Ahmyth RAT steals cryptocurrency and banking credentials, 2FA codes, lock screen passcodes, and captures screenshots. Ahmyth steals cryptocurrency and banking accounts usin