The “New Web Browser Just Signed In” email is part of a phishing campaign that tries to steal users’ email login credentials. The email is disguised to look like a security alert from the email provider and informs that someone tried to log in to the account. The email asks whether the login attempt was from the email recipient and…
The “American Express – ChargeBack Payment” email is part of a phishing campaign that aims to steal users’ American Express account login credentials. The email falsely claims that a chargeback of $1218.16 has been successfully adjusted and can be reviewed by clicking on the provided button. However, if users click on the button, they will be taken to a fake…
SwaetRAT malware is a remote access trojan that has many malicious features that can put users’ computers and data in jeopardy. If it successfully infects a device, it gives its operators unauthorized control over the device. The trojan can monitor users’ activities, steal highly sensitive information, and more. In short, it’s a very serious infection that, if unnoticed, can have…
Held ransomware is a type of malware that encrypts files. It comes from the Djvu/STOP ransomware family. The malicious actors behind this ransomware family release new versions regularly, and Held ransomware is one of the more recent ones. The versions can be differentiated by the extensions they add to encrypted files. This ransomware adds .held to all files it encrypts. Unfortunately,…
GURAM ransomware is a file-encrypting type of infection that essentially takes files hostage. The ransomware targets all personal files, encrypts them, and demands payment for their recovery. The ransomware can be identified by the extension it adds to encrypted files. Specifically, it adds a .{victims’ IDs}.GURAM to file names. Files that have this extension will not be openable unless you…
PlainGnome Android malware is a stealer trojan that targets Android devices. The trojan is believed to be operated by Gamaredon, a threat actor affiliated with the Federal Security Service of the Russian Federation (FSB). The malware appears to target Russian-speaking users in former USSR states, such as Uzbekistan, Kazakhstan, and Kyrgyzstan. The malware intends to steal information like call logs,…
The “Removal Of Dormant/Inactive Accounts” email is part of a phishing campaign targeting users’ email account credentials. The email falsely informs the recipient that they must confirm that their account is still active by clicking the provided button. Otherwise, the email account will supposedly be deleted if it’s not confirmed. However, if users engage with the email, they will get…
The “Some-one Try To Login Into Your Mailbox Address” email is part of a phishing campaign that aims to steal users’ email login credentials. The email claims that someone tried to log into the recipient’s email account, and if the recipient wants to continue using the account, they need to verify their account by clicking on the provided link. If…
The “Your Shipment With DHL Express Is On Its Way” email is part of a phishing email campaign that intends to steal users’ email login credentials. The email is disguised as a parcel delivery notification from DHL and claims that the recipient has a delivery on its way. The email has an attachment that supposedly contains the tracking number, and if…
SteelFox trojan is a malicious infection with a large range of features. Specifically, it’s a malicious bundle that contains a dropper, a loader, a miner, and a stealer infection. Users’ computers get infected primarily via popular software cracks, which users download via torrents, forums, and blogs. The malware operates as a miner and uses the device’s resources to mine for…