The PDFEasyTool application supposedly operates as a media file converter (conversion of various files to PDF documents). In fact, this is a browser hijacker that promotes a fake search engine. PDFEasyTool promotes pdfeasytool.com by changing certain browser settings. Most browser hijackers are d
califiesrease[.]info is a rogue site similar to go9news.biz, speakwithjohns.com, goodbase.biz and countless others. Visitors to these web pages are presented with dubious content and/or are redirected to other untrusted or malicious websites. Users rarely enter rogue sites intentionally - most ar
Primechse is a group of deceptive websites promoting various scams. Sites belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also promote other scams and untrustworthy or malicious web pages. Most visits to Prim
IntelRapid is malicious software designed to steal victims' cryptocurrency wallets. These wallets are used to track, store, receive and transfer cryptocurrencies, such as Bitcoin, Litecoin, Ethereum, Monero, Tether, Dash and many others. Therefore, the software can cause significant financial los
This tech-support scam tricks visitors into believing that their computers are infected with information-stealing malware and calling scammers via the number provided. Typically, these web pages are opened through other untrusted websites, dubious advertisements or by installed potentially unwante
go9news[.]biz is similar to many other dubious websites including, for example, speakwithjohns[.]com, exq-timepieces[.]com and odicfulbrid[.]info. Like most, it redirects visitors to other untrusted pages or loads dubious content. Typically, browsers open these pages when potentially unwanted app
Ncov is a part of the Dharma ransomware family. It encrypts files, changes filenames, creates a text file and displays a pop-up window. Ncov renames encrypted files by adding the victim's ID, coronavirus@qq.com email address and appending the ".ncov" extension to filenames. For example, a file na
vitosc.xyz is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), browser hijackers. This fake search engine is promoted through a PUA named SApp+ (or Smash App+) and Nittok, however, other apps might also promo
Multy App is a browser hijacker endorsed as a multi-purpose tool that supposedly provides quick access to services such as search engines, encyclopedias, email, social networking and social media, e-commerce and online stores. In fact, Multy App operates by modifying browsers to promote searchmult
Despite its name, Corona-Virus-Map.com is not the address of a website - it is the name of a malicious program classified as a Trojan (or more specifically, a "backdoor" Trojan). This type of malware causes chain infections by stealthily downloading and installing additional malicious programs. C