SapphireStealer is an information-stealing malware. Its codebase was released to GitHub in December 2022. Since then, several variants with differing capabilities have been discovered. Due to this, it is likely that SapphireStealer is used by multiple threat actors. It is noteworthy that this ste
While assessing the HaastsEagle browser extension, we encountered troubling behavior. Notably, it introduces the "Managed by your organization" feature into Chrome browsers. Our discovery of HaastsEagle occurred during the examination of a malicious installer obtained from an untrustworthy website
SuperBear is the name of a Remote Access Trojan (RAT). Programs within this category operate by enabling remote access and control over devices. RATs can be highly versatile; however, research shows that SuperBear is a targeted malware. Likewise, this trojan has been used in strongly targeted att
Remo is an Android banking Trojan that exploits the Accessibility service to illicitly acquire sensitive data. This malicious software specifically focuses on over 50 banking and cryptocurrency wallet applications. Remo primarily directs its attacks toward banking applications in the regions of Vi
"Signed Agreement" is a phishing email. It attempts to lure the recipient into providing their email account log-in credentials into the attachment (phishing file) by claiming that it contains remittance information. Victims of this spam mail can lose their emails and experience other serious issu
Our team has reviewed this email and found that its intent is to entice recipients into revealing their personal information. It includes a file that presents a fake form, prompting users to share sensitive details. It is imperative to disregard such emails. In this phishing email, the sen
Our investigation of this email revealed that it is a phishing attempt, disguising itself as a notification from an email service provider. Scammers use this tactic to trick recipients into visiting a fake website and sharing their personal information. Therefore, it is highly recommended that rec
While examining the AdditionalResults application, our team noticed that it displays various advertisements. For this reason, we categorized AdditionalResults as adware. It is worth noting that software of this type is often promoted and distributed in deceptive ways. Thus, users often install i
Our researchers discovered the Turbo Download browser extension while investigating suspicious websites. According to its promotional material, this piece of software is advertised with the following functionalities: fast and secure downloads, all webpage image download in a single click, multi-se
While inspecting dubious websites, our research team discovered the ivvilonn[.]com rogue page. It promotes scams and browser notification spam. Furthermore, this webpage can redirect visitors to other (likely untrustworthy or harmful) sites. Most users access pages like ivvilonn[.]com through red