BLISTER is the name of malware that functions as a loader - malicious software that drops/executes another malware (injects its payload). It is known that threat actors behind BLISTER attacks use a valid code signing certificate to evade detection. BLISTER is being embedded in legitimate l
LIKEAHORSE is malware (ransomware) that encrypts files and appends the ".LIKEAHORSE" extension to their filenames. For example, it renames a file named "1.jpg" to "1.jpg.LIKEAHORSE", "image.png" to "image.png.LIKEAHORSE". LIKEAHORSE also creates the "#RECOVERY#.txt" text file containing a ransom n
Searchfox.xyz is a fake search engine promoted through a browser-hijacking application designed to modify the web browser's settings. Most users end up having their browsers hijacked unintentionally. Neither browser hijackers nor fake search engines are trustworthy. Depending on the user
Scammers behind this email attempt to trick users into believing that their McAfee subscription has expired and opening another deceptive page claiming that their computers are infected. Scammers could be using this email to trick recipients into paying for bogus subscriptions or services, install
Crypto_Support (also known as Crypto Support) is ransomware that encrypts files, appends the ".CRYPT" extension to filenames, and provides payment and contact information (ransom notes) in a pop-up window and the "README.txt" file. For example, Crypto_Support renames "1.jpg" to "1.jpg.CRYPT", "sam
EasyMacSoft is the name of an advertising-supported software designed to generate advertisements and promote a fake search engine by hijacking a web browser. EasyMacSoft is distributed using a fake installer disguised as the installer for Adobe Flash Player. EasyMacSoft can show advertis
It is an email disguised as a letter from Komerční banka, one of the largest banks in the Czech Republic. It contains a link to a phishing website designed to look like the official Komerční banka page. Scammers behind this email attempt to trick recipients into providing banking-related sensitive
MainOperation has the qualities of adware and a browser hijacker. The purpose of this application is to generate advertisements and promote a fake search engine. It is pretty common for apps like MainOperation to be distributed (or promoted) using deceptive methods. MainOperation can dis
TeslaRVNG3 encrypts and renames files and creates the "teslarvng3.hta" file designed to display a ransom note. It prepends the victim's ID, titnbest@mailfence.com email address, and appends the ".teslarvng3" extension to filenames of all encrypted files. For example, it renames "1.jpg" to "id[Ucn
Bvddx is ransomware. Malware of this type encrypts files and generates a ransom note containing instructions on how to contact the attackers for data recovery. Bvddx creates the "rFSH_HOW_TO_DECRYPT.txt" text file as its ransom note. It also renames files by appending a string of random character