The “Spotify Subscription Update” scam email is part of a phishing campaign intended to steal users’ financial information. The email falsely informs users that their Spotify subscriptions have ended because of a payment issue. To supposedly continue using their premium accounts, users need to update their payment information. If users click on the link provided in the email, they’ll be…
The “Storage Space Running Low” email falls into the phishing email category. The email targets users’ email account login credentials. It claims that issues have been detected on users’ email accounts and failure to resolve them may result in the deletion of the accounts. Supposedly, recipients’ accounts are running low on storage but the issue can be solved if users…
The “Chase – Suspicious Activity” email is part of a phishing campaign that claims unusual activity has been detected on users’ Chase accounts. According to the email, users need to review their accounts for security reasons. The email is targeting users’ login credentials, and if users fall for this phishing attempt, their Chase accounts could be compromised. This is a…
The “New Web Browser Just Signed In” email is part of a phishing campaign that tries to steal users’ email login credentials. The email is disguised to look like a security alert from the email provider and informs that someone tried to log in to the account. The email asks whether the login attempt was from the email recipient and…
The “American Express – ChargeBack Payment” email is part of a phishing campaign that aims to steal users’ American Express account login credentials. The email falsely claims that a chargeback of $1218.16 has been successfully adjusted and can be reviewed by clicking on the provided button. However, if users click on the button, they will be taken to a fake…
SwaetRAT malware is a remote access trojan that has many malicious features that can put users’ computers and data in jeopardy. If it successfully infects a device, it gives its operators unauthorized control over the device. The trojan can monitor users’ activities, steal highly sensitive information, and more. In short, it’s a very serious infection that, if unnoticed, can have…
Held ransomware is a type of malware that encrypts files. It comes from the Djvu/STOP ransomware family. The malicious actors behind this ransomware family release new versions regularly, and Held ransomware is one of the more recent ones. The versions can be differentiated by the extensions they add to encrypted files. This ransomware adds .held to all files it encrypts. Unfortunately,…
GURAM ransomware is a file-encrypting type of infection that essentially takes files hostage. The ransomware targets all personal files, encrypts them, and demands payment for their recovery. The ransomware can be identified by the extension it adds to encrypted files. Specifically, it adds a .{victims’ IDs}.GURAM to file names. Files that have this extension will not be openable unless you…
PlainGnome Android malware is a stealer trojan that targets Android devices. The trojan is believed to be operated by Gamaredon, a threat actor affiliated with the Federal Security Service of the Russian Federation (FSB). The malware appears to target Russian-speaking users in former USSR states, such as Uzbekistan, Kazakhstan, and Kyrgyzstan. The malware intends to steal information like call logs,…
The “Removal Of Dormant/Inactive Accounts” email is part of a phishing campaign targeting users’ email account credentials. The email falsely informs the recipient that they must confirm that their account is still active by clicking the provided button. Otherwise, the email account will supposedly be deleted if it’s not confirmed. However, if users engage with the email, they will get…