Scammers are using a fake Google application to steal CoinBase login credentials. They use malicious installers to inject modified Chrome browser or similar software that changes the Google Chrome shortcut target. When users try to access a legitimate CoinBase page, they get redirected to a fake o
SafeTravel is a program that shows advertisements. For this reason, it is categorized as advertising-supported software (adware). Pretty often, adware developers promote and distribute their software using questionable methods. Thus, users often download and install adware unintentionally.
Pure Dark is an application that hijacks a web browser by changing some of its settings to ggfpa.com - an address redirecting visitors to questionable websites. In some cases, Pure Dark hijacks a browser without changing any settings. Pure Dark can change the homepage, new tab page, and de
Night Sky is the name of ransomware that encrypts files and modifies filenames by appending the ".nightsky" extension. For example, it renames "1.jpg" to "1.jpg.nightsky", "2.jpg" to "2.jpg.nightsky". Also, it creates the "NightSkyReadMe.hta" file that displays a pop-up window containing a ransom
ConnectProcess generates annoying advertisements and promotes a fake search engine by changing the web browser's settings. Usually, users get tricked into downloading and installing adware and browser-hijacking apps. Therefore, apps like ConnectProcess are called potentially unwanted application
Security-scanner[.]xyz is an untrustworthy website that displays deceptive content and asks for permission to show notifications used to promote other pages of this kind. Security-scanner[.]xyz is promoted through pages using rogue advertising networks. Security-scanner[.]xyz is similar to
It is a message offering to protect a computer displayed by an untrustworthy website. The creators of this page are affiliates seeking to collect illegitimate commissions. Their goal is to trick users into paying for Norton antivirus subscriptions. Norton is legitimate antivirus software. Its deve
Youneedtopay is ransomware that encrypts files and modifies filenames. It appends the ".youneedtopay" extension to filenames, for example, it renames "1.jpg" to "1.jpg.youneedtopay", "document.txt" to "document.txt.youneedtopay". Also, it changes the desktop wallpaper and creates the "READ_THIS.tx
The purpose of EdgeBegin is to display advertisements and promote a fake search engine (by hijacking a web browser). Also, EdgeBegin can read sensitive information from web browsers. In most cases, install apps like EdgeBegin unknowingly. Most of these apps are promoted and distributed using que
Dehd is ransomware that blocks access to files by encrypting them. Also, it creates a ransom note (the "_readme.txt" file) and appends the ".dehd" extension to filenames. For example, it renames "1.jpg" to "1.jpg.dehd", "image.png" to "image.png.dehd". Dehd belongs to a ransomware family called Dj