Physical Address
Lesya Kurbasa 7B
03194 Kyiv, Kyivska obl, Ukraine
I’ve been tracking Hudson ransomware since it first appeared on VirusTotal last week. This nasty piece of work appends the “.{victim’s_ID}.hudson” extension to your files, effectively holding them hostage until you pay up. In my analysis, I’ve uncovered how this…
PayForRepair (also known as .P4R) is a dangerous file-encrypting ransomware belonging to the Dharma ransomware family. This malware targets Windows systems, encrypting user files with strong cryptography and appending the .P4R extension to them. After encryption, it demands payment in Bitcoin…
Forgive ransomware represents a significant cybersecurity threat that encrypts victim files and appends them with the “.forgive” extension. First identified through submissions to VirusTotal, this crypto-malware targets Windows systems, locking personal files and demanding a $500 ransom in Ethereum cryptocurrency.…
Hero ransomware (also known as Hero virus) is a file-encrypting malware from the Proton ransomware family that targets Windows computers. This malicious program encrypts victims’ files, appends them with the attackers’ email address and a “.hero77” extension, and demands payment…
Legion Loader is a sophisticated malware dropper first discovered in 2025 that serves as a delivery mechanism for multiple secondary payloads including trojans, ransomware, information stealers, and malicious browser extensions. Distributed primarily through fake CAPTCHA interfaces, deceptive websites, and bundled…
Temeliq Ultra Touch is a potentially unwanted application (PUA) that acts as a dropper for the dangerous Legion Loader malware. First identified in April 2025, this deceptive software is typically distributed through misleading websites like appsuccess[.]monster and bundled software installers.…
Neptune RAT is a Remote Access Trojan targeting Windows systems with an extensive array of dangerous capabilities. Written in Visual Basic .NET and heavily obfuscated, this malware can exfiltrate credentials from over 270 applications, deploy ransomware functionality, monitor desktops in…
DarkMystic is a newly discovered variant of the BlackBit ransomware family that encrypts files, appends them with a “.darkmystic” extension, and demands Bitcoin payment for decryption. First identified on April 14, 2025, this ransomware prepends encrypted filenames with the attackers’…
Slopsquatting is an emerging type of software supply chain attack that leverages AI hallucinations to compromise development environments. This attack vector exploits the tendency of large language models (LLMs) to recommend non-existent package names, which attackers then register and weaponize.…
TROX Stealer is a sophisticated information-stealing malware first identified in December 2024, distributed as a Malware-as-a-Service (MaaS) offering. This multi-stage threat employs complex evasion techniques, including WebAssembly (Wasm) and multiple programming languages, to steal sensitive data ranging from browser credentials…