News-wavaye[.]cc uses a clickbait technique to lure visitors into allowing it to deliver notifications and opens untrustworthy pages. There are plenty of pages of this type. Some examples are thdedukicatio[.]xyz, beparaspr[.]com, and news-helaga[.]cc. News-wavaye[.]cc claims that visitors
Thdedukicatio[.]xyz displays untrustworthy content to trick visitors into agreeing to receive notifications and promotes various potentially malicious pages. It uses a clickbait technique to get permission to show notifications. Users do not open pages like thdedukicatio[.]xyz intentionally.
38dpz is the name of a ransomware variant that encrypts files, modifies filenames by appending a string of random characters and the ".38dpz" extension to them, and creates a ransom note (the "WKFr_HOW_TO_DECRYPT.txt" text file). For example, 38dpz renames a file named "1.jpg" to "1.jpg.ux9-od4j6
Favtab.com is both the address of a fake search engine and the name of a browser hijacker used to promote that address. Most users download and install browser hijackers inadvertently. Thus, they are categorized as potentially unwanted applications (PUAs). Apps of this type hijack browsers by chan
Extortionist ransomware encrypts files and appends the openthefile@mailfence.com email address, a string of ransom characters, and the ".Extortionist" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[openthefile@mailfence.com][MJ-PQ4931720865].Extortionist", "2.jpg" to "2.jpg.[op
Rozbeh ransomware (also known as R.Ransomware) is malware that encrypts files, changes their filenames, and creates the "read_it.txt" file. It renames files by appending four random characters as the file extension. For example, it renames "1.jpg" to "1.jpg.7ufr", "2.jpg" to "2.jpg.1ytu". The text
My Togo is a browser hijacker designed to promote the togosearching.com address, a fake search engine. This app hijacks a browser by changing its settings. A big part of browser hijackers are distributed using questionable methods. Thus, most of them get downloaded and installed inadvertently.
Robin encrypts and renames files. It appends the aaaopenaaa@mailfence.com email address, possibly a victim's ID, and the ".robin" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[aaaopenaaa@mailfence.com][MJ-IF6492831075].robin", "2.jpg" to "2.jpg.[aaaopenaaa@mailfence.com][MJ-IF
Beparaspr[.]com attempts to get permission to show notifications and redirects visitors to questionable websites. Most of these pages get opened through untrustworthy ads, other shady pages, potentially unwanted applications (PUAs). Users do not open them intentionally. Beparaspr[.]com dis
ElementSignal is an untrustworthy app designed to display annoying ads and hijack a web browser by changing its settings. Typically, users do not exactly know how they have downloaded and installed adware/browser hijackers. Thus, ElementSignal (and other apps of this type) are categorized as pot