Peatea.xyz is the URL (address) of a fake search engine. Typically, such web searchers are promoted by PUAs (Potentially Unwanted Applications) classified as browser hijackers. The peatea[.]xyz web searcher has been observed being promoted by a browser hijacker called Find. What is noteworthy abo
Ltnuhr encrypts files, then restarts a computer and displays a message on a black screen. It renames encrypted files by appending the ".ltnuhr" extension (for instance, it renames "1.jpg" to "1.jpg.ltnuhr", "2.jpg" to "2.jpg.ltnuhr"). Also, Ltnuhr creates the "RESTORE_FILES_INFO.txt" file, a ranso
"Network Solutions email scam" refers to a phishing spam campaign. The spam emails are disguised as storage-related notifications from Network Solutions - a legitimate technology company that is a subsidiary of Web.com, one of the largest .com domain name registrars. It must be emphasized that the
Xdwhatijunn[.]xyz has two purposes: to get permission to show notifications and promote shady web pages. It is more or less similar to positiveweb[.]org, towercaptcha[.]top, apel[.]top, and hundreds of other sites. Users open these sites unintentionally, for example, through untrustworthy ads or w
MysterySnail is the name of a Remote Administration Trojan (RAT) that was a payload in privilege escalation attacks that used exploits for Microsoft Windows vulnerabilities. A RAT is a type of malware that allows the attacker to control a computer remotely. Cybercriminals use it to steal informati
Similar to positiveweb.org, captchamodern.top, captcha-smart.top, and countless others, get-positive[.]net is a rogue website. It pushes its browser notifications, presents visitors with dubious content, and/or redirects them to various (likely unreliable or malicious) pages. Rogue sites are seld
Decryptionassistant is a ransomware-type program that encrypts data (renders files unusable) and demands ransoms for the decryption. Affected files are appended with ".decryptionassistant.[victim's_ID]". For example, a file initially named "1.jpg" would appear as something similar to ".decryption
KeyData is a rogue app categorized as adware. It also has browser hijacker qualities. Due to the questionable techniques used to distribute software products within these categories, they are also considered to be PUAs (Potentially Unwanted Application). Adware enables the placement of p
CRYpt0r V2.0 is a type of malware that encrypts files and appends the ".cry" extension to their filenames (for example, it changes "1.jpg" to "1.jpg.cry", "2.jpg" to "2.jpg.cry"). To provide instructions on how to contact the attackers, CRYpt0r V2.0 changes the desktop wallpaper and creates the "L
Positiveweb[.]org is a rogue website similar to captchamodern.top, financesurvey24.top, hisqueost.xyz, and thousands of others. These pages are designed to promote their browser notifications, present visitors with questionable content, and/or redirect them to various (likely untrustworthy or mali