Solutions
By Platform
DarkArmor

Enterprise-level Prebreach Technology

ProtectMe

Research and personal security

By Industry
Retail

Customer, supply chain, and vendor access protection

Education

Protect staff and student credentials, brand, and reputation

All Solutions
Why Us
About Us
Blog
Contact
October 27, 2025

TG-VoIP-001: Cryptocurrency-Based VoIP Infrastructure Promoted via Telegram

Our threat hunting team uncovered a suspicious VoIP/SIP infrastructure tied to malicious activity on Telegram’s marketplace. This network advertises IP telephony for call centers but exhibits hallmarks of gray-market operations using cryptocurrency

August 4, 2025

How a Nigerian Hacker Uses AI to Build Cybercrime Tools and Launch Phishing Attacks

Our platform collected and analyzed over 3,000 screenshots from a Nigerian-based cybercriminal, giving a special behind-the-scenes look into the daily operations of a modern threat actor, revealing how campaigns are built with the help of AI.

July 1, 2025

Phishing Attack Targets Canadian Infrastructure on Canada Day

Our systems detected a coordinated phishing campaign leveraging PDF-themed lures to harvest user email credentials. The attackers used socially engineered emails that mimicked service notifications, account updates, and login requests.

June 19, 2025

Threat Insight: Cybercriminals Abusing Vercel to Deliver Remote Access Malware

CyberArmor has identified a phishing campaign leveraging Vercel, a legitimate frontend hosting platform, to distribute a malicious version of LogMeIn, a legitimate remote access tool, by cybercriminals to gain full control over victims’ machines.

May 8, 2025

Hacker Exploits Social Security Statement Theme to Target Over 2,000 Victims with Malware

In a recent campaign uncovered by CyberArmor analysts, cybercriminals exploited the official them of the Social Security Administration (SSA) in a convincing phishing lure that deceived over 2,000 individuals into downloading malware.

April 1, 2025

Uncovered: How Cybercriminals Scam Each Other Using Fake USDT Sender Software

Uncover how cybercriminals exploit legitimate software to socially engineer users into downloading and executing malicious programs. Once launched, the software takes full control of the user’s machine.

February 11, 2025

Inside a Malware Campaign: A Nigerian Hacker’s Perspective

On 02/07/2025, our platform obtained various screenshots taken from a malware stealer (infostealer) showing a cybercriminal, whom we believe to be from Nigeria (based on his IP address), performing various activities in a malware campaign.

December 4, 2024
Investment Scam: The Operations

An analysis of an active investment scam targeting individuals through online platforms. The scheme is disguised as either a job opportunity or a high-yield investment and uses sophisticated social engineering and cryptocurrency transactions.

November 29, 2024
Investment Scam Playbook: From Job Recruitment To Investment Scam

Scams have evolved from basic phishing emails to sophisticated multi-stage operations that prey on individuals’ vulnerabilities. The “Investment Scam” starts with an unsuspecting job recruitment message and culminates in devastating financial loss.

November 24, 2024
Vietnamese Phishers Target Meta Business Owners with Over 400 Phish Pages

On November 23, 2024, our researchers uncovered a sophisticated phishing campaign targeting Meta business account owners. Vietnamese threat actors, referred to as quyetnd288, created over 400 phishing sites aimed at stealing login credentials for Meta accounts and associated business email accounts from unsuspecting users.

November 11, 2024
Understanding Coinbase Account Checking

Account checking, also known as credential stuffing or account validation, is a tactic used by cybercriminals to verify whether certain accounts exist on a platform, typically depending on automated scripts and software.

July 17, 2024
White Snake: Latest Campaign With Multi-Stage Malware Dropper

Threat actors are constantly developing sophisticated methods to compromise systems. One of the latest threats is the Tax Invoice-themed campaign, which employs a multi-stage malware dropper to deliver the WhiteSnake malware stealer.

Get Our Report

Nigerian Hacker Exposed: AI, Infrastructure, and Love

DarkArmor collected and analyzed over 3000 screenshots from a Nigerian cybercriminal’s desktop, and what we uncovered goes far beyond the outdated image of “419 scams”. Learn how automation helped him launch attacks at scale.

Download
June 19, 2024
New North Korean-Based Backdoor

In this paper we analyze a new threat campaign which is specifically focused on Aerospace and Defense companies: sectors appealing to multiple threat actors, but of particular interest to North Korean threat groups in other recent campaigns.

May 6, 2024
Account Takeover Through OTP Bots: The Latest Cyber Threat

Threats have evolved at an alarming rate, with attackers constantly finding new ways to exploit vulnerabilities and compromise user accounts. One is account takeover through OTP bots, posing a significant risk to individuals and businesses alike.

May 5, 2024
Exploring the Evolution of Online Criminal Activity: A Dive into Modern Cybercrime

Cybercrime has evolved from isolated individuals to international networks. In this paper we delves into this evolution, highlighting the complexities of modern cybercriminal operations and the challenges they pose to law enforcement.

February 6, 2024
The Rise of a New Dark Web Market

The darkweb marketplace landscape underwent a significant shift several years ago. The advent of secure chat services such as Telegram, Discord, and WhatsApp introduced a new dynamic. As a result, marketplaces operated by fraudsters began to emerge.

January 16, 2024
Cyber Fraud Fusion Operation: The Rise of Next-Gen Security Operations Centers (SOCs)

Welcome to the new era of fraud detection and prevention, where Next-Gen SOCs seamlessly integrate with the Fraud team, collectively serving as the frontline defenders against an increasingly sophisticated array of cyber threats and frauds.

January 11, 2024
Trademark Scams: Application Approval Scams Using Caller ID Spoofing

We deep dive into trademark application scams where the scammers impersonates the USPTO (United States Patent and Trademark Office) and spoofs their phone number to lure an applicant to pay additional fees to the scammer.

January 8, 2024
Unveiling the Latest Microsoft Teams Phishing Campaign Targeting Small Businesses

In this blog post, we will delve into the details of the latest Microsoft Teams phishing campaign, exploring its tactics, techniques, and procedures, and providing crucial insights to help small businesses stay vigilant.

December 22, 2023
BidenCash Dump 1.9M Compromised Debit/Credit Cards

On December 20th, 2023, BidenCash, a card shop, uploaded and shared 1.9 million stolen debit/credit cards on the XSS dark web forum. The data dump consisted of compromised card numbers, expiration dates, and CVV numbers.

October 22, 2023
How Fraudsters Use Phishing Campaigns for Account Takeovers

Ranging from 419 scams to sophisticated spear-phishing schemes, phishing is a prevalent social engineering technique employed by hackers to illicitly obtain employees’ credentials, users’ passwords, or credit card information.

June 7, 2023
No Honor Among Thieves Pt 2: Malware Dropper Distribution Via Malware Stealer Logs

This article examines the tactics employed by cybercriminals to distribute malware droppers via malware stealer logs within the dark web community. These logs are then shared with other cybercriminals, who then unknowingly infect themselves.

April 24, 2023
How a Bot Engine's Backdoor is Used to Deliver Nemesis Stealer

DarkArmor recently analyzed a malware dropper that dropped a malware downloader called Bot Engine, which then downloaded a recent Nemesis stealer. This report describes the Bot Engine framework and how it is used to infect users.

March 5, 2023
BidenCash Dump 2.1M Compromised Debit/Credit Cards

On February 28th '23, BidenCash, a card shop, celebrated their first anniversary by uploading over two million stolen debit/credit cards onto the XSS dark web forum. The data dump consisted of the compromised card numbers and personal information.

February 20, 2023
No Honor Among Thieves Pt 1: Reverse-Engineering A Ransomware Decryption Tool

A look at two cases that show how paying a ransom often fails to solve a ransomware victim’s problems because there is no honor among thieves; moreover, perpetrators are financially motivated to not hold up their end of the bargain.

January 21, 2023
2022 Fraud Summary For The Financial Sector

In 2022, DarkArmor uncovered 9,573 accounts being sold on the darkweb with the sum of $683 million. These accounts were openly available for sale and the cybercriminals even provided online banking screenshots as proof.

December 19, 2021
SUNBURST Malware: Backdoor State and C2

On December 13th, FireEye published a reportdetailing threat actors employing SolarWinds supply chain to compromise various victims globally with the SUNBURST backdoor. Our findings for this backdoor are detailed in this article.

December 19, 2021
2020 Fraud Summary For The Financial Sector

Cybercriminals are employing new tactics and techniques to stay ahead of the mitigations put into place by financial institutions. They are exploiting vulnerabilities, researching new tactics and developing novel attack vectors.

Sign up for early access

Advanced phishing and malware forensics to protect identity asset ownership before your organizations compromised credentials reach the dark web

Get proactive, prebreach intelligence

Be an early adopter with enhanced support and input on feature development

Limited time early adopter pricing

Get an edge over your competition

Get in TouchBook a Demo
HomeAbout UsFAQ
DarkArmorProtectMe
BlogContactLinkedIn