Discovered by GrujaRS, KesLan is a malicious program categorized as ransomware. It is designed to encrypt data and demand a ransom payment for decryption (i.e., payment for decryption tools/software). There are several variants of this ransomware. During encryption, KesLan appends files with the "
vnse52.xyz is a fake search engine and promoted through a number of browser hijackers. One example is called APP. Browser hijackers are potentially unwanted applications (PUAs) that most people download and install inadvertently. In most cases, PUAs change browser settings and record browsing dat
Discovered by GrujaRS, NEMTY 2.2 REVENGE is an updated variant of NEMTY REVENGE 2.0 ransomware. This malware encrypts data and demands ransom payments for decryption. During this process, all files are appended with an extension consisting of ".NEMTY_" and a unique ID, generated individually for e
The SwiftEngine app supposedly helps users to browse the web, however, it serves advertisements and gathers various data. Apps of this type are classified as adware. Furthermore, since most people do not download applications such as SwiftEngine intentionally, they are also known as potentially
OneSafe PC Cleaner is software classed as a Potentially Unwanted Application (PUA). It is endorsed as system cleaning tool capable of scanning and removing various threats and issues. One of this application's distribution methods is via deceptive/scam websites, hence why it is classified as a PUA
The SystemDistrict application should not be trusted, since it is categorized as adware and a potentially unwanted application (PUA). Apps of this type feed users with unwanted ads and often gather private information. Typically, people do not download or install this software intentionally. In
JavaRatty (also known as JavaCrypt) is malicious software classified as ransomware. Most ransomware-type programs encrypt data, however, JavaRatty damages files rather than encrypting them. When this malware damages files, they are appended with the ".encrypted" extension. Therefore, "1.jpg" might
securedconection[.]com is the address of a deceptive website that targets people who use iPhones. It display a fake virus notification and trick visitors into installing software that supposedly removes 'detected' viruses. At the time of research, securedconection[.]com urged users to download a
safeiphoneconnection[.]com is a deceptive/scam website. Visitors to this site are warned that their device has been infected, and if the threats are not removed, they risk permanent damage. Note that no web page can detect threats/issues present on any system - any that make such claims cannot b
youhave-1-message[.]com is a deceptive website that targets iPhone users. It promotes a dubious application that supposedly removes fake viruses detected by the site. At the time of research, youhave-1-message[.]com encouraged users to download and install an application called Antivirus SafeGua