Xdwhatijunn[.]xyz has two purposes: to get permission to show notifications and promote shady web pages. It is more or less similar to positiveweb[.]org, towercaptcha[.]top, apel[.]top, and hundreds of other sites. Users open these sites unintentionally, for example, through untrustworthy ads or w
MysterySnail is the name of a Remote Administration Trojan (RAT) that was a payload in privilege escalation attacks that used exploits for Microsoft Windows vulnerabilities. A RAT is a type of malware that allows the attacker to control a computer remotely. Cybercriminals use it to steal informati
Similar to positiveweb.org, captchamodern.top, captcha-smart.top, and countless others, get-positive[.]net is a rogue website. It pushes its browser notifications, presents visitors with dubious content, and/or redirects them to various (likely unreliable or malicious) pages. Rogue sites are seld
Decryptionassistant is a ransomware-type program that encrypts data (renders files unusable) and demands ransoms for the decryption. Affected files are appended with ".decryptionassistant.[victim's_ID]". For example, a file initially named "1.jpg" would appear as something similar to ".decryption
KeyData is a rogue app categorized as adware. It also has browser hijacker qualities. Due to the questionable techniques used to distribute software products within these categories, they are also considered to be PUAs (Potentially Unwanted Application). Adware enables the placement of p
CRYpt0r V2.0 is a type of malware that encrypts files and appends the ".cry" extension to their filenames (for example, it changes "1.jpg" to "1.jpg.cry", "2.jpg" to "2.jpg.cry"). To provide instructions on how to contact the attackers, CRYpt0r V2.0 changes the desktop wallpaper and creates the "L
Positiveweb[.]org is a rogue website similar to captchamodern.top, financesurvey24.top, hisqueost.xyz, and thousands of others. These pages are designed to promote their browser notifications, present visitors with questionable content, and/or redirect them to various (likely untrustworthy or mali
Gvh65 is a malicious program classified as ransomware. It is designed to encrypt data (render files inaccessible) and demand ransoms for the decryption. Compromised files are appended with a random character string and a ".gvh65" extension. For example, a file like "1.jpg" would appear something
Typically, scammers use phishing emails to trick recipients into providing personal/sensitive information like credit card details, login credentials. Scammers behind this email seek to obtain email account login credentials through a phishing website. Scammers attempt to trick recipients
GABUTS PROJECT is a ransomware-type program. It operates by encrypting data and demanding ransoms for the decryption. Affected files are appended with an ".im back" extension. For example, "1.jpg" would appear as "1.jpg.im back", "2.jpg" as "2.jpg.im back", and so on. Afterwards, a ransom note -