install-plug-s3[.]com is designed by scammers who seek to deceive unsuspecting visitors into installing potentially unwanted applications (PUAs), such as browser hijackers, adware or other apps of this kind, through a fake Adobe Flash Player installer. In some cases, these websites are used to s
JhoneRAT is the name of a Remote Access Tool (Trojan), which is distributed through malicious Microsoft Office documents. Cyber criminals behind it target Arabic-speaking users. This malicious program selects (by filtering) victims by checking the keyboard layout of their computers. JhoneRAT is c
"You have (1) package waiting" is a scam run by deceptive websites. Under the guise of an official delivery tracking site, the scam claims that visitors have packages waiting for them. The purpose of this scheme is to trick users into making a monetary transaction, a fake delivery fee. All inform
Discovered by GrujaRS, Picocode is ransomware and an updated version of Pico. Like many other programs of this type, Picocode changes filenames of all encrypted files and creates a ransom message. It renames files by appending the ".picocode#" extension and a number. For example, it renames "1.jp
MoFinder is software, categorized as adware. While typically applications of this type are promoted as "useful", they operate by running intrusive advertisement campaigns. Therefore, MoFinder delivers various unwanted, dubious and even harmful ads. Since most users install this program inadvertent
This is a scam website used by criminals to extort money from unsuspecting people. It is disguised as the website of an international department of lost and found packages. The main purpose of this site is to trick recipients into paying for delivery of unclaimed packages. Generally, websites of
Sharing many similarities with betanews.me, sms-mail-message.com, fastnewstream.com and countless others, creditcable[.]info is a rogue website. Visitors to it are presented with dubious content and/or redirected to other untrustworthy, even malicious sites. Few users enter creditcable[.]info int
Belonging to the Crisis/Dharma malware family, Devon is a ransomware infection. This malicious program encrypts data and demands payment for decryption. When encryption is underway, files are renamed with a unique ID, the developer's email address and ".Devon" extension. For example, a filename l
The PDF Tools Plus is a browser hijacker endorsed as a tool to convert document formats to PDF and vice versa. It operates by making certain alterations to browsers to promote thepdftoolssearch.net, a fake search engine. Furthermore, this app possess data tracking capabilities, which it employs to
maztek[.]xyz is a scam site, which claims that the visitor's device has been infected. Note that no web page can detect threats/issues present in systems. Typically, scams of this type promote untrustworthy and/or malicious content. At the time of research, maztek[.]xyz redirected users to a bro