Borat is the name of a remote access Trojan (RAT). Cybercriminals use RATs to obtain access and remote control on the infected computers. The Borat RAT can be used to deliver ransomware, log keystrokes, perform DDoS attacks, steal login credentials from browsers, and more. Borat includes a
RED TEAM is ransomware that we have discovered while examining the malware samples submitted to VirusTotal. It was found that this ransomware belongs to the Babuk family. It encrypts files, appends the ".REDTM" extension to filenames, and creates the "HowToDecryptYourFiles.txt" file (a ransom note
Bec is the name of a new Sojusz ransomware variant. After examining this variant, we found that it encrypts files, appends a string of random characters, the beacon@jitjat.org email address, and ".bec" extension to filenames. It also creates the "!!!HOW_TO_DECRYPT!!!.txt" file that contains a rans
Flskon[.]click is an untrustworthy website that runs a scam similar to "Dear [ISP name] user, Congratulations!" and asks for permission to show notifications. We discovered this site while examining various illegal movie streaming pages and torrent sites (and other pages that use rogue advertising
Our team has discovered the Dark-View browser extension on a deceptive website claiming that it might be required to install this app (for an unspecified reason). We have examined Dark-View and found that it is an advertising-supported application - it generates unwanted advertisements. Ty
F5Z8A is the name of a ransomware variant that we have discovered while analyzing malware samples submitted to the VirusTotal page. It was found that F5Z8A encrypts files and appends the ".F5Z8A" extension to filenames. It also generates a ransom note (the "@@@ To Restore Your Files.txt" file) con
Gooddaywith-captcha[.]top is a deceptive website that shows a fake CAPTCHA to trick visitors into allowing it to show notifications. Also, this page redirects to other untrustworthy websites. Our team has discovered gooddaywith-captcha[.]top while inspecting sites that use rogue advertising networ
After examining this email, we concluded that it is a phishing email used to trick recipients into providing their email account login credentials. It is disguised as a letter from an email service provider regarding some new policy. It contains a website link designed to open a deceptive page.
We have discovered the desktopnotificationshub[.]com page while examining other sites (illegal movie streaming, torrent, and similar pages) that use shady advertising networks. We found that desktopnotificationshub[.]com uses a clickbait technique to get permission to show notifications. It also r
Lightning Stealer is a piece of malware discovered by 3xp0rt. This stealer targets Steam, Telegram, Discord, and cryptocurrency wallet data, passwords, and cookies. It has its administration panel created to manage data logs. Lightning Stealer is sold for 300 rubles for a week, 500 rubles for a mo