Deep-dive research, threat intelligence reports, APT analysis, and expert insights from India's leading indigenous cybersecurity team.
Our researchers and analysts share what they're discovering — from zero-day analysis to nation-state TTPs.
Phishing attacks continue to pose a significant threat to individuals and organizations worldwide. Analysts at SecneurX discovered a sophisticated Microsoft-branded phishing page engineered to harvest login credentials — employing advanced evasion techniques and lookalike domains to bypass email filters and deceive enterprise users.
In the ever-evolving landscape of cyber threats, new campaigns emerge with innovative tactics to compromise unsuspecting targets. SecneurX analysts uncovered a malicious campaign leveraging Yolasite.com free hosting to distribute payloads — detailing the full infection chain and providing indicators of compromise for defenders.
Ahtw is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX observed Ahtw among the prominent ransomware attacks; it encrypts victim files and demands a ransom payment — our full technical analysis covers the infection chain, file encryption routine, and mitigation steps.
Neon is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX observed that it encrypts victim files and appends the .neon extension. Our team provides a full technical breakdown including persistence mechanisms and decryption guidance for affected victims.
Neqp is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX analyzed a live sample — documenting behavioral patterns, file encryption routines, and recommended mitigation strategies for organizations affected by this Djvu/Stop variant.
Xash is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX observed that it targets Windows systems, encrypting files across all user directories and demanding payment via email communication with the threat actor. Full IOC list included.
Gash is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX observed that this variant deploys a bundled information stealer alongside encryption, targeting browser credentials and cryptocurrency wallets in addition to file ransoming.
Qopz is ransomware that belongs to the Djvu/Stop Ransomware family. Analysts at SecneurX observed Qopz among the prominent ransomware variants; it uses AES-256 encryption and communicates with C2 servers to receive unique decryption keys per victim machine.
SecneurX Analysts found a Fake Chrome Update campaign. Malware authors used compromised websites to display fake Google Chrome update prompts, delivering malware to unsuspecting users who believed they were installing a legitimate browser update.
SecneurX Analysts found Dark Power Ransomware in the wild. Dark Power ransomware encrypts files and appends its extension ('.dark_power') to filenames. Our analysis covers its attack chain, persistence mechanisms, ransom note structure, and key indicators of compromise for detection.
Analysts at SecneurX have found that the Redline malware is abusing Microsoft OneNote as a delivery vector. OneNote is one of the most trusted Microsoft apps — making this vector especially effective at evading user suspicion and security filters while delivering its payload.
Every insight in this blog comes from live data processed through SecneurX's detection engines. See how our products put this intelligence to work for your organisation.