root@hareez_eez05:~#

SecuriTea Bytes and Break

May 17, 2026

WhatsApp Attack Chain: Stage 1 to Stage 4 (VBS, Cloud Downloads, MSI backdoor)

WhatsApp has become an increasingly common delivery vector for malware campaigns, especially those that lean on social engineering to get past the victim's initial suspicion. In this analysis, we break down a multi-stage infection chain that begins with a seemingly harmless VBS script, evolves into a cloud-hosted payload delivery mechanism and ultimately leads to the execution of an MSI-based backdoor. Through static and behavioral analysis, we uncover how each stage contributes to execution, persistence and potential command-and-control communication.

July 20, 2025

NionSpy RAT: Static & Dynamic Analysis Walkthrough of .exe Hijacker

RAT, short for Remote Access Trojan, is one of the best-known classes of malware and has remained a favorite tool among cybercriminals for more than a decade. From old-school backdoors to modern modular threats, the concept stays the same: full remote control of the victim's system. In this analysis, we walk through static and dynamic analysis of NionSpy to uncover its persistence tricks, command handling and infostealer features.

July 07, 2025

From Game to Gain: How a Malicious .jar Drops Dual Payloads Including a Fake RuneLite with Low Detection

A fake RuneScape private server site, ikovrsps[.]org, tricks users into downloading a malicious Ikov.jar file along with a Java runtime allegedly required to play the game. The jar is actually a trojan that steals data, establishes persistence and drops two second-stage payloads, image.exe and images.exe. Both have low detection rates on VirusTotal, and one impersonates the legitimate RuneLite client. Here's how the attack chain unfolds.

May 05, 2025

Obfuscated PowerShell (with Batch Wrapper): From Obfuscation to In-Memory Execution of .NET payload

An obfuscated PowerShell script has been identified that loads a .NET assembly into memory and executes it there. The sample itself is a batch file, but the PowerShell component it wraps exhibits multiple techniques commonly associated with fileless attacks: Base64 encoding, GZIP compression, byte-order manipulation and reflective in-memory loading via the .NET runtime. Deobfuscation and stepwise analysis reveal how the loader achieves stealthy execution without ever writing the final binary to disk, classic fileless tricks to stay hidden and annoy defenders.
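As an added illustration (not code from the post or from the sample it analyzes), the Python below shows how an analyst can triage and peel a batch-wrapped PowerShell loader built from the same building blocks named above: Base64 decoding, byte reversal, GZIP decompression and a reflective Assembly.Load. The batch file, the Base64 blob and the placeholder "assembly" are all constructed here for the example, and the layer order (gzip, then reverse bytes, then Base64) is an assumption; real loaders vary, which is why the unwrapper skips blobs that do not decode cleanly.

```python
"""Added example: static triage of a batch-wrapped, obfuscated PowerShell
.NET loader. Everything below is constructed for illustration; it is not the
sample from the post. The layer order (gzip -> reverse -> Base64) is assumed."""
import base64
import gzip
import re
import struct

# Constructed stand-in for a .NET assembly: a minimal MZ header whose
# e_lfanew field (offset 0x3c) points at a "PE\0\0" signature at offset 64.
FAKE_ASSEMBLY = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)
                 + b"PE\x00\x00" + b"fake .NET assembly body")


def pack_like_loader(payload: bytes) -> str:
    """Forward transformation (assumed order), used only to build the sample."""
    return base64.b64encode(gzip.compress(payload, mtime=0)[::-1]).decode()


def build_sample_bat() -> str:
    """Constructed batch wrapper around a one-line PowerShell loader."""
    blob = pack_like_loader(FAKE_ASSEMBLY)
    ps = ("$b=[Convert]::FromBase64String('" + blob + "');"
          "[array]::Reverse($b);"
          "$m=New-Object IO.MemoryStream(,$b);"
          "$g=New-Object IO.Compression.GZipStream($m,"
          "[IO.Compression.CompressionMode]::Decompress);"
          "$o=New-Object IO.MemoryStream;$g.CopyTo($o);"
          "[Reflection.Assembly]::Load($o.ToArray()).EntryPoint.Invoke($null,$null)")
    return '@echo off\r\npowershell -nop -w hidden -ep bypass -c "' + ps + '"\r\n'


# Static indicators of the fileless pattern. Regexes so that short and long
# forms of the PowerShell switches both match.
INDICATORS = {
    "hidden_window": r"-w(?:indowstyle)?\s+hidden",
    "bypass_policy": r"-e(?:xecutionpolicy|p)\s+bypass",
    "base64_decode": r"FromBase64String",
    "byte_reversal": r"\[array\]::Reverse",
    "gzip_decompress": r"GZipStream",
    "reflective_load": r"\[(?:System\.)?Reflection\.Assembly\]::Load",
}


def find_indicators(script: str) -> list:
    """Names of the indicators present in the script text."""
    return [name for name, rx in INDICATORS.items() if re.search(rx, script, re.I)]


def extract_base64_blobs(script: str) -> list:
    """Base64 literals passed straight to FromBase64String."""
    return re.findall(r"FromBase64String\('([A-Za-z0-9+/=]+)'\)", script)


def unwrap(blob: str) -> bytes:
    """Undo the assumed layers in reverse: Base64 -> un-reverse -> gunzip."""
    raw = base64.b64decode(blob)
    return gzip.decompress(raw[::-1])


def looks_like_pe(data: bytes) -> bool:
    """Cheap check that the recovered bytes are a PE image (what Assembly.Load expects)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def analyze(script: str) -> dict:
    """Collect indicators, try to unwrap every embedded blob, flag PE payloads."""
    payloads = []
    for blob in extract_base64_blobs(script):
        try:
            payloads.append(unwrap(blob))
        except (ValueError, OSError, EOFError):
            # Wrong layer order or truncated blob: leave it for manual work.
            continue
    return {
        "indicators": find_indicators(script),
        "payloads": payloads,
        "is_pe": any(looks_like_pe(p) for p in payloads),
    }


if __name__ == "__main__":
    result = analyze(build_sample_bat())
    print("indicators:", ", ".join(result["indicators"]))
    print("recovered PE payload:", result["is_pe"])
```

The indicator list is the part worth reusing: a script that combines FromBase64String, GZipStream and a reflective Assembly.Load behind a hidden window and a bypassed execution policy is rarely benign, and that combination can be matched before any deobfuscation is attempted. The unwrapper is deliberately order-specific; when a real loader shuffles or adds layers (XOR, substring tricks, nested scripts), extend unwrap() step by step while watching for the MZ/PE markers to confirm the final layer.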

February 20, 2025

Potentially Unwanted Application: OneStart

OneStart is one of those annoying programs that gets installed without you really wanting it. You download some free software, click through the installer too fast, and suddenly your browser has a new homepage and you're seeing extra ads everywhere. It is not exactly malware, but it is definitely unwanted.