July 07, 2025
Fake RuneScape private server site, ikovrsps[.]org, tricks users into downloading a malicious Ikov.jar file along with Java allegedly required to play the game. It is actually a trojan that steals data, establishes persistence and drops two second-stage payloads: image.exe and images.exe. Both exhibit low detection rates on VirusTotal, with one impersonating the legitimate RuneLite client. Here's how the attack chain unfolds.
February 20, 2025
OneStart is one of those annoying programs that gets installed without you really wanting it. You download some free software, click through the installer too fast and suddenly your browser has a new homepage and you're seeing extra ads everywhereIt is not exactly malware but it is definitely unwanted
January 10, 2025
Walk through the analysis of a sample that was flagged by a large number of antivirus engines on VirusTotal, yet turned out to be completely harmless. These kinds of high false positives are not uncommon, especially when scripts or tools used for internal automation resemble behaviors typically associated with malware.