DoppelDridex is a new variant of the Dridex malware. This malicious program has been used to inject systems with additional malware, with the final payload being ransomware. It is noteworthy that DoppelDridex has been actively proliferated via virulent Microsoft Office documents distributed throug
Oataltaul[.]com shows notifications used to promote various scams and other untrustworthy pages and opens websites of this kind itself. It functions like beta-one[.]net, news-themes[.]com, fast-travel[.]org, and plenty of other pages. Most of them are promoted through shady pages, unreliable ads,
MOON is a malicious program designed to encrypt data and demand payment for the decryption. This malware belongs to the Dharma ransomware family. During the encryption process, files are renamed following this pattern: original filename, unique ID assigned to the victim, cyber criminals' email ad
Chld is part of the Dharma ransomware family. This variant encrypts files, appends the victim's ID, keychild@onionmail.org email address and the ".chld" extension to their filenames, and generates two ransom notes (displays a pop-up window and creates the "info.txt" file). Chld renames a file nam
JustVideoSearch is a browser hijacker designed to promote the justvideosearch.com address, a fake search engine. It changes the web browser's settings to promote that address. Users often download and install browser hijackers inadvertently. For this reason, they are categorized as potentially unw
BlackByte ransomware makes files inaccessible by encrypting them and generates a ransom note (the "BlackByte_restoremyfiles.hta" file) that contains instructions on how to contact the attackers for data decryption and other details. Also, BlackByte appends the ".blackbyte" extension to the names
Search1.me is the address of a fake search engine. Typically, such web searchers are promoted by PUAs (Potentially Unwanted Applications) classified as browser hijackers. Search1.me has been observed being pushed by the Better Search browser hijacker. Browser hijackers promote fraudulent w
Mr.Frenk ransomware encrypts files and modifies their names by appending the victim's ID as the extension. For example, it renames a file named "1.jpg" to "1.jpg[ID]xXreYrOz66PL9qHB[ID]", "2.jpg" to "2.jpg[ID]xXreYrOz66PL9qHB[ID]", and so on. Also, Mr.Frenk displays a pop-up window that contains a
The purpose of the beta-one[.]net website is to trick visitors into agreeing to receive notifications. Also, this page is designed to promote (open) shady websites. There is plenty of pages like beta-one[.]net, for example, news-themes[.]com, silsautsacmo[.]com, and centralheat[.]me. These pages a
Better Search is a browser hijacker promoting the bettersearchtr.com fake search engine. Due to dubious methods used to distribute browser hijackers, they are also classified as PUAs (Potentially Unwanted Applications). Better Search modifies browsers by assigning bettersearchtr.com as the