Malware analysis, threat reports, and security research by the YonSe team. Each report is a full breakdown: from behavioral analysis to defense recommendations.
Public threat analysis reports. Severity indicates the risk level for the end user.
State-affiliated Russian messenger with clipboard monitoring, root detection, 14 dangerous permissions, dynamic code loading, untrusted code signing. Crashes on Android 15, refuses to run on GrapheneOS. Report incomplete — reverse engineering in progress.
Unsigned 46 MB dropper that extracts payloads into %TEMP%\Barebones\, plays a distraction video via mpv, injects into system processes via WriteProcessMemory, and uses a 40s timeout delay for sandbox evasion.
Unofficial Telegram client with built-in Man-in-the-Middle proxy, rogue RSA key injection, disabled PFS, suppressed secret chats, and government censorship infrastructure (RKN). All traffic interceptable.
Multi-component trojan with ransomware capabilities disguised as a MAGIX VEGAS Pro 23 crack. DLL sideloading, 3 persistence mechanisms, injection into 40+ processes, certificate store tampering.
Dynamic and static malware analysis in isolated sandboxes. Full behavioral breakdown with IOC extraction.
Threat source research, attribution, MITRE ATT&CK mapping. Tracking tactics and techniques of active threat groups.
We publish detailed reports publicly so that users and organizations can assess the real risks of popular threats.
Have a suspicious file? Send it to us for analysis. Reach out via Telegram or Matrix — we'll take a look.