ShadyPanda is a family of malicious browser extensions responsible for over four million infections. These extensions are connected by overlapping code, identical obfuscation, and shared infrastructure. Some operated as advertised and remained dormant for years before an update introduced maliciou
Syntrix is a RAT (Remote Access Trojan) based on the Quasar RAT (specifically, the 1.4.1 version). Trojans within this classification are designed to allow attackers to access and control devices remotely. Syntrix was developed with an emphasis on stealth. It is a multifunctional piece of maliciou
After inspecting this "Change To The Webmail Access Interface" email, we determined that it is spam. The message urges recipients to update their email account information to avoid interruptions to the service. This spam campaign aims to trick users into disclosing their account log-in credentials
OctoRAT is a remote access Trojan built on the .NET platform. The malware supports over 70 commands, employs persistence methods, and has various ways to bypass UAC and elevate privileges, as well as broad information-gathering capabilities. The functionality and overall design indicate that it is
We have checked this website (testnet-lifeai[.]org) and found that it imitates the original LIFE AI site (lifeai.io). This fraudulent copy is designed to trick visitors into believing that they can receive free tokens. However, it is not a real airdrop and the true purpose of this scam is to steal
Our examination of gerrevitergene.co[.]in shows that it relies on misleading content to pressure visitors into allowing notifications. Once permission is given, it typically sends false alerts and other deceptive notifications that lead users to various unreliable websites. Overall, gerrevitergene
Sysdoz is ransomware that our team has found while inspecting malware samples uploaded to VirusTotal. We have discovered that Sysdoz encrypts files and changes their filenames, and provides a ransom note ("README.TXT"). It appends the victim's ID and the ".sysdoz" extension to filenames. For exam
We have inspected the message and found that it is a phishing email. It is disguised as a notification regarding an email address authentication. Its purpose is to trick recipients into opening the provided website and entering personal information. Victims of this scam may have their accounts com
StreamSpy is a newly identified Trojan used by the Patchwork (APT-Q-36) threat group. It communicates with its command server using both WebSocket and HTTP, utilizing WebSocket for receiving instructions and sending results, and HTTP for tasks such as file transfers. StreamSpy has similarities wit
This "Railgun Rewards" scam masquerades as the RAILGUN protocol. It states that users have unclaimed rewards worth over one thousand US dollars. The scam is not associated with RAILGUN. The goal is to deceive victims into exposing their digital wallets to a cryptocurrency drainer. IMPORTANT