BTMOB RAT is an Android Remote Access Trojan sold to cybercriminals under a malware-as-a-service model. It gives attackers broad control over infected devices, including the ability to steal data and spy on victims in real time. According to research by ESET, BTMOB RAT was first documented in Febr
While investigating suspicious websites, our research team discovered the jartibbinght[.]com rogue page. After examining it, we determined that it uses deceptive tactics to trick visitors into enabling browser notifications, and then redirects them to other unreliable or harmful sites. Most visito
Our analysis has revealed that clicksafetychallenge.co[.]in is a rogue page designed to trick visitors into granting it permission to send browser notifications. The site uses a fake CAPTCHA widget as bait. If allowed, it delivers misleading security alerts that can expose users to scams and other
Our analysis has revealed that chonateciae[.]com is a rogue page built to deceive visitors into enabling browser notifications. The site uses a fake robot verification prompt as its lure. Once permission is granted, it delivers misleading alerts and other unwanted notifications that can expose use
After inspecting this email, we determined that it is a phishing scam. It poses as an automated notification from a mailbox service provider, falsely claiming the recipient's account is due for an upgrade. The scammers want users to click through to a fraudulent website and hand over their email l
We have examined this email and determined it is a phishing scam. It is designed to look like an automated delivery failure notice, claiming the recipient's outgoing message exceeded the server's size limit. The real goal is to lure the recipient into entering their email credentials on a fake log
RemotePE is a Remote Access Trojan (RAT) attributed to the Lazarus Group, a North Korean state-sponsored hacking collective. According to research by Fox-IT, RemotePE runs entirely in memory and never writes itself to disk, making it extremely difficult to detect with conventional security softwar
After examining this email, we determined that it is a phishing scam. The message poses as an automated alert from a mail security service, claiming the recipient's email deliverability settings need immediate attention. It tricks recipients into clicking a link that leads to a fake website design
We have examined this email and determined it is a phishing scam. It impersonates cPanel Webmail with a false claim that the recipient's mailbox is pending deletion. The scammers behind it seek to steal email login credentials, and the message should be ignored to avoid account compromise.
During our investigation of dubious websites, our team examined tokendisbursement[.]xyz and found that it promotes a fake cryptocurrency airdrop for Red Kitten Crew ($RKC) tokens. The site claims to offer an official distribution of $RKC on the Solana ecosystem. In reality, it is a fraudulent page