Squirrelwaffle is a piece of malicious software designed to cause chain infections, i.e., download/install additional malware. At the time of research, Squirrelwaffle was used to infect systems with Cobalt Strike malicious program. The latter is infamous for being used to inject devices with ranso
ModeService is an adware-type app with browser hijacker qualities. Due to most users inadvertently downloading/installing ModeService, it is also classified as a PUA (Potentially Unwanted Applications). Adware enables the placement of third-party graphical content (e.g., pop-ups, banners
Cowboy2u4me[.]me is one of the many websites designed to load untrustworthy content, ask for permission to show notifications, and open shady web pages. It is similar to jollycrowds[.]com, news-lipaze[.]cc, positivestar[.]org, and other sites. Users end up on these pages unintentionally. C
Jollycrowds[.]com can redirect visitors to various untrustworthy pages. Also, it asks for permission to show notifications. This page gets opened through clicked shady advertisements, other dubious pages, or installed potentially unwanted applications (PUAs) - users do not open jollycrowds[.]com o
Cybelium is a piece of malicious software classified as ransomware. It is designed to encrypt data (render files unusable) and demand ransoms for the decryption. Affected files are appended with a ".cybel" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.cybel", "2.j
GlobeImposter (.xls) encrypts files and appends the ".xls" extension to each encrypted file's filename. For example, a file named "1.jpg" is renamed to "1.jpg.xls", "2.jpg" to "2.jpg.xls", and so on. GlobeImposter (.xls) creates the "read-me.txt" file to provide instructions on how to contact the
MapperTrack generates revenue for its developer by displaying advertisements and promoting a fake search engine. MapperTrack has the qualities of an adware-type app and a browser hijacker. It is very uncommon for apps of this type to be downloaded and installed knowingly. Therefore, they are cat
ExcitingCentral is a piece of rogue software categorized as adware. It also has browser hijacker qualities. Since most users unintentionally download/install products within these categories, they are also considered to be PUAs (Potentially Unwanted Applications). Adware delivers various
Inferno is a new variant of ransomware called Avaddon. This variant encrypts files and appends the ".avdn" extension to their filenames. For example, it renames "1.jpg" to "1.jpg.avdn", "2.jpg" to "2.jpg.avdn". To provide information regarding data decryption, Inferno creates the "210201-readme.ht
Chinadecryption2021is a ransomware-type program. It is designed to encrypt data and demand payment for the decryption. In other words, this malware renders files inaccessible and asks for payment to restore access to the data. Files are appended with ".chinadecryption2021.[victim's_ID]" extension