Rubly encrypts files and displays a ransom message in a pop-up window. It also renames each encrypted file by appending the ".rubly" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.rubly", "2.jpg" to "2.jpg.rubly", and so on. Note that Rubly is a part of the Jigsaw ransomware fa
Aol ransomware belongs to the family of ransomware called Dharma. It encrypts files and renames them. It also creates the "FILES ENCRYPTED.txt" file and displays a pop-up window - these contain ransom messages. Aol renames files by adding the victim's ID, astra2eneca@aol.com email address, and ap
JSSLOADER is a Remote Access Trojan (RAT) capable of exfiltrating data, executing commands, downloading other malware, auto-updating itself and preventing itself from being debugged (analyzed). JSSLOADER is mostly used by the group of cyber criminals called FIN7. At first, JSSLOADER collects
Hub encrypts files, renames each encrypted file by adding the victim's ID, crypthub@tuta.io email address, and appending ".hub" extension. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[crypthub@tuta.io].hub", "2.jpg" to "2.jpg.id-C279F237.[crypthub@tuta.io].hub", and so on. Hub also disp
SampleConsole generates advertisements, modifies browser settings (promoting a fake search engine), and collects personal, sensitive information. In this way, it functions as adware, and as a browser hijacker and data collector. SampleConsole and similar apps are often downloaded and installed
Crazy ransomware belongs to the VoidCrypt ransomware family. It blocks access to files by encryption, renames each encrypted file, and creates the "!INFO.HTA" file, which is designed to open a pop-up window containing a ransom message. Crazy renames files by adding the crazykillerusakk@hotmail.co
The Finding Pro browser hijacker promotes tailsearch.com, a fake search engine. Typically, apps of this type promote fake search engines by changing certain browser settings without users' permission, however, this is not always the case with this site (see below). Additionally, Finding Pro colle
Alfonso (also known as Al'fon$o) is an information stealer that cyber criminals sell on hacker forums. Typically, malware of this type targets credit card details, passwords (and other sensitive information), and runs stealthily in the system background. Alfonso stealer collects data such
In most cases, websites such as peachlandus[.]com display fake virus alert pop-ups stating that the visitor's device is infected, compromised, damaged, or harmed in some other way. In summary, they use deceptive methods to trick visitors into downloading and installing a potentially unwanted app
CryptPethya belongs to the family of ransomware called Xorist. It not only encrypts and renames victims' files, but also changes the desktop wallpaper and creates the "HOW TO DECRYPT FILES.txt" file in all folders that contain encrypted files. CryptPethya renames files by appending its name as th