CallPhantom is a cluster of fraudulent Android applications distributed through the official Google Play Store. These apps falsely promised to retrieve call logs, SMS records, and WhatsApp history for any phone number. According to ESET researchers, the 28 apps in this campaign amassed over 7.3 mi
After inspecting this email, we determined that it is a phishing scam. The message is disguised as a business invitation to review a Request for Quotation (RFQ), but its real purpose is to send recipients to a fake email login page that steals account credentials. The email should be ignored to av
Our researchers investigated Search Control for Chrome and found it to be a browser hijacker. This extension changes the browser's default search engine to search.capredirectapp.com - a fake search engine that cannot generate its own results. Users who have Search Control for Chrome installed are
During an investigation of dubious websites, our researchers discovered jupag[.]pro - a page built to mimic the legitimate Jupiter platform. The site falsely claims that visitors have frozen JUP token allocations waiting to be claimed. In reality, it is a cryptocurrency drainer designed to steal d
PhantomCard and NFCShare are two researcher-given names for the same Android banking trojan, which uses NFC relay attacks to steal contactless payment card data and PINs. ThreatFabric named the Brazil-targeting build PhantomCard; D3Lab named the Italy-targeting build NFCShare. Both are regional va
NANOREMOTE is a backdoor - a type of malware that opens a hidden channel on an infected computer so that attackers can issue commands and deliver additional payloads at any time. According to research by Elastic Security Labs, NANOREMOTE is part of the REF7707 threat campaign and is closely relate
We have examined this email and concluded that it is an advance-fee scam. The message falsely claims the recipient has won one million dollars through a fictional prize program called "Facebook Casino Online Promotions." There is no prize. Recipients who engage will eventually be pressured into pa
We have examined this email and determined it is a phishing scam impersonating American Airlines. The message falsely claims the recipient's account information has been updated, then pressures them to verify their account through a fraudulent link. Anyone who enters credentials on the resulting p
GodDamn is ransomware discovered by our researchers during a routine inspection of new submissions to the VirusTotal website. It encrypts files and appends a unique victim ID and the .God8Damn extension to their filenames. It also creates a ransom note in a text file named README.TXT. On our test
We have examined this email and concluded that it is a phishing scam. The message is designed to appear as an account alert from an email support service, falsely claiming the recipient's mailbox was restricted due to a server error. It pushes recipients to click a link leading to a fake login pag