Us1 is a malicious program belonging to the MedusaLocker ransomware family. This malware operates by making files inaccessible and redundant by encryption, in order to demand ransoms for decryption. When Us1 encrypts data, files are appended with the ".us1" extension. For example, a file original
This website is advertised as a console to redirect unconfirmed Bitcoin cryptocurrency transactions to the provided BTC wallet. No less than two antivirus scanners on VirusTotal detected this as a phishing website. Research shows that the site also contains a login form, which could be used to st
Potentially unwanted applications (PUAs) are commonly distributed using installers for other apps of this type. In other words, this software is often bundled with additional unwanted and/or malicious applications. Hence, in some cases, a deceptive installer (e.g., fake Adobe Flash Player updater
videogate1[.]com is an untrusted web page that users do not often visit intentionally. Usually, these pages are opened by clicking deceptive ads, while visiting other bogus web pages, or they are opened by browsers with potentially unwanted applications (PUAs) installed. There are many websites s
Namaste is designed to prevent victims from accessing their files - it encrypts and renames files and keeps them inaccessible unless victims use a valid decryption tool. This ransomware appends the "._enc" extension to the filenames of all encrypted files. For example, "1.jpg" is renamed to "1.jpg
Discovered by Jakub Kroustek, Avaad is a malicious program belonging to the Dharma ransomware group. It is designed to encrypt data and demand payment for decryption. During the encryption process, affected files are renamed following this pattern: original filename, unique ID, cyber criminals' em
X2convert[.]com is an untrusted website, offering YouTube video and audio download services. This page allows users to convert YouTube URLs (links) into downloadable MP3/MP4 files. Note that x2convert[.]com infringes copyright laws and uses rogue advertising networks. Sites that use these network
d8yI+Hf7rX is a potentially unwanted application (PUA), a browser extension that comes bundled with other apps of this type (e.g., Gdiview). Bundled apps are classified as PUAs because users often download and install them inadvertently. Note that d8yI+Hf7rX adds the "Managed by your organization"
Go surfing is a browser hijacker, which promotes the keysearchs.com fake search engine. Software within this category typically promotes search engines by making modifications to browser settings, however, Go surfing does not always modify browsers in this way (see below). Go surfing is also a se
ReSearchConverter is dubious software that is categorized as a browser hijacker. Following successful installation, it makes alterations to browser settings to promote researchconverter.com (a bogus search engine). ReSearchConverter also has data tracking capabilities, which are employed to monit