Hotrivsaln is a group of deceptive websites running various scams. Sites belonging to Hotrivsaln have been observed promoting "Latest version of Adobe Flash Player" and "Dear Chrome User, Congratulations!" schemes, yet other scams might also be accessed through or run on these web pages. Most p
"Install.app wants access to control" is text from a fake system notification. This appears on MacOS operating systems that have potentially unwanted applications (PUAs) installed. Note that Install.app is a PUA and should not be allowed to control Safari (Safari.app) or other apps, perform acti
Discovered by dnwls0719, Tsar is a malicious program classified as ransomware. It operates by encrypting the data of infected systems and demanding payment for decryption. During the encryption process, all affected files are appended with the ".Tsar" extension. For example, a file such as "1.jpg
Pyrogenic/Qealler is Java-based information stealer, which cyber criminals proliferate to steal credentials from browsers and other applications. The information stolen by Pyrogenic/Qealler could be misused to generate revenue in various ways. If there is reason to believe that this malware is ins
apl-def[.]com is a deceptive website running several different scam variants. By claiming that the visitors' devices are infected, or that their internet connection is not secure, it attempts to trick them into downloading/installing nonoperational, untrusted or malicious software. Few users ac
Like most ransomware-type programs, sepSys encrypts files, modifies their filenames and creates a ransom message. This particular ransomware renames files by appending the ".sepsys" extension to filenames. For example, "sample.jpg" becomes "sample.jpg.sepsys", and so on. It also creates a ransom
"Roundcube" email (subject: "- NOTIFICATION - Storage Full") is deceptive message supposedly from Roundcube, a legitimate email service provider. The message claims that recipients have reached their mail storage limit and, unless immediate actions are taken, their accounts will be blocked. This
vprx.xyz is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), mostly browser hijackers. Research shows that vprx.xyz is promoted through a browser hijacker called SApp+, however, it might also be promoted thro
Voodoosrc is a group of deceptive websites, which are designed to run various online scams. Voodoosrc has been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, other scams can also be accessed through these sites. Few visitors access these web pages inte
Promoted as supposedly improving the browsing experience, CrowdExclusive is actually an adware-type application. This app runs intrusive advertisement campaigns, which deliver various annoying and harmful ads. Due to its dubious proliferation methods, it is also classed as a Potentially Unwanted