Discovered by Jakub Kroustek, C-VIR is malicious software belonging to the Dharma ransomware family. Typically, software of this type encrypts files, changes their filenames and creates and/or displays ransom messages. C-VIR renames encrypted files by adding the victim's ID, coronavirus@foxmail.co
Quick Photo Editor is a rogue application supposedly capable of providing easy access to various free photo editing services. It makes modifications to browser settings to promote search.hquickphotoeditor.com (a fake search engine). Therefore, this app is classified as a browser hijacker. Further
Discovered by dnwls0719, Waldo is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. During the encryption process, filenames of affected files are typically appended with an ext
There are many fake search engines on the internet. In most cases, they are promoted through potentially unwanted applications (PUAs), browser hijackers. Note that vmos.xyz is the address of a fake search engine, which is promoted through PUAs named SApp+ and Ext Apps. It is possible that other b
belazyelephant[.]com opens various untrusted pages or loads dubious content. It functions in a similar way to many other rogue websites including, for example, go9news[.]biz, alisalis[.]com and exq-timepieces[.]com. These are often opened by potentially unwanted applications (PUAs) installed on th
alisalis[.]com is one of many rogue websites that load dubious content or redirect visitors to other untrusted web pages. Some examples of other pages similar to alisalis[.]com include go9news[.]biz, speakwithjohns[.]com and exq-timepieces[.]com. Browsers often open websites of this type when pote
Cyber criminals commonly attempt to spread malicious programs through files attached to their emails (spam campaigns). In summary, they send emails that are disguised as important, official and seek to deceive recipients into opening/executing the downloaded file. In this case, cyber criminals se
Npsk is one of many malicious programs that form part of the ransomware family called Djvu. This particular ransomware infection was discovered by Karsten Hahn and is designed to encrypt victims' files, modify filenames and create ransom messages. Npsk modifies encrypted files by appending the ".
PlugX is a Remote Access Trojan (RAT). Malware under this classification grants cyber criminals remote access and control over the infected device. PlugX Trojan has various capabilities, which can cause particularly serious issues. It has been observed targeting Afghan, American, Russian, Belorus
DataQuest is part of the AdLoad adware family. This application displays advertisements, promotes a fake search engine, and might also gather various information. In summary, this app operates as adware and a browser hijacker. Typically, users do not download or install apps of this type intenti