Discovered by malware intelligence analyst, Marcelo Rivero, PPHL is a malicious program that belongs to the Dharma ransomware family. It operates by encrypting data and demanding payment for decryption. During the encryption process, all compromised files are renamed according to this pattern: or
"Warning: Your macOS has expired" is a technical support scam run on deceptive websites. This scheme claims that the user's macOS (Mac Operating System) has expired, and due to this, certain applications will no longer be operational and the device itself is at risk of infection. Additionally,
Erif is a malicious program belonging to the Djvu ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are appended with the ".erif" extension. For example,
History Wipe Clean is dubious software promoted as a tool to increase browsing privacy. It is supposedly capable of preventing browsing-activity tracking and clearing the browsing history upon browser reopening. In fact, History Wipe Clean is classified as adware, as it runs intrusive advertisemen
XTMEM is malicious software, classified as a stealer. As the classification suggests, this type of malware steals information. Stealers have a wide range of dangerous capabilities, which can lead to likewise varied issues for users of infected devices. XTMEM poses a significant threat to device a
OperativeDesktop is dubious software classified as adware with browser hijacker traits. Following successful installation, this app runs intrusive ad campaigns, makes alterations to browser settings in order to promote fake search engines. OperativeDesktop promotes Safe Finder via akamaihd.net i
Exorcist is a ransomware-type malicious program. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all compromised files are appended with an extension consisting of a ransom string of characters. For exam
ArchimedesLookup is a rogue application categorized as adware and possessing browser hijacker traits. It operates by running intrusive advertisement campaigns, making modifications to browser settings and promoting fake search engines. Most adware and browser hijackers gather browsing-related i
jightlydra[.]club is a rogue website designed to redirect visitors to other untrusted/malicious pages and/or to present them with dubious content. At the time of research, this site promoted an installer containing malicious software. Websites such as cvazirouse.com, onlybestpushnews.com, and zmus
XCrypto is malicious software categorized as ransomware. It operates by encrypting data and demanding payment for decryption. During the encryption process, all affected files are renamed following this pattern: original filename, unique ID, cyber criminals' email address and the ".XCrypto" extens