Defender-scanning[.]xyz displays deceptive content and asks for permission to show notifications. It shares these qualities with newschecktoday[.]com, push-defenders[.]com, profitsurvey24[.]com, and plenty of other websites. It is very uncommon for these pages to be visited intentionally.
VLOPlayer seems like a legitimate media player that looks similar to the VLC player. However, it is distributed with a browser hijacker (named Search By VLO) designed to promote vlosearch.com (a fake search engine). Browser hijackers promote fake search engines by changing the browser's settings.
Unlock is a malicious program categorized as ransomware. It is designed to encrypt data (render files unusable) and demand ransoms for the decryption. Encrypted files are appended with a unique ID assigned to the victim and the ".unlock" extension. For example, a file initially named "1.jpg" woul
Newschecktoday[.]com is a rogue website that displays dubious content, pushes its browser notifications, and/or redirects visitors to other (likely unreliable and malicious) sites. The Internet is rife with such pages; hukelpfulin.xyz, earnmoneycrypt.com, and businesspayments.org are just some exa
WinCrypto is a piece of malicious software classified as ransomware. It encrypts data (renders files inaccessible) and demands payment for the decryption. Affected files are appended with the ".wincrypto" extension. For example, a file like "1.jpg" would appear as "1.jgp.wincrypto", "2.jpg" as "2
RSFDD is ransomware that blocks access to files (encrypts files), modifies their filenames, and creates a ransom note (the "ReadMe.txt" file). RSFDD appends the victim's ID, john.karick@mailfence.com email address, and ".RSFDD" extension to filenames. For example, it renames "1.jpg" to "1.jpg-Id3
"Firewall Error: #ST43400X" is a technical support scam targeting Japanese-speaking users. This scheme claims that access to the device has been restricted due to detected threats. It must be emphasized that this error is fake and in no way associated with the Microsoft Corporation. Scam-promoted
"Norton Security - Your PC is infected with 5 viruses!" is a deceptive virus notification displayed by a fake Norton (a legitimate anti-virus or anti-malware software product) website. Pages of this type are used to extract personal information, fraudulently promote legitimate or untrustworthy sof
Midas is the rebranded version of Haron ransomware. It is designed to encrypt data (lock files) and demand ransoms for the decryption. Malware of this type typically renames the encrypted files, since Midas ransomware primarily targets companies and other large entities - it appends filenames wit
The purpose of this email is to trick recipients into infecting their computers with a Remote Access Trojan (RAT) called AgentTesla. It has an archive file attached to it. That archive file contains an executable file designed to inject AgentTesla. This email is disguised as a letter from