UpgradeSearchView displays ads and promotes a fake search engine. It has the qualities of advertising-supported software and a browser-hijacking application. Apps like UpgradeSearchView are categorized as potentially unwanted applications (PUAs). It is because the majority of users download and
Cool is ransomware that prevents victims from accessing files by encrypting them. Also, it appends the ".cool" extension to filenames (for example, it renames "1.jpg" to "1.jpg.cool", "2.jpg" to "2.jpg.cool") and creates the "_readme.txt" file - a ransom note. Cool is part of the Djvu ransomware f
Palq is the name of a ransomware variant that belongs to a family of ransomware called Djvu. It encrypts files and appends the ".palq" extension to filenames. For example, it renames "1.jpg" to "1.jpg.palq", "2.jpg.palq" to "2.jpg.palq". Palq provides contact and payment information in a ransom no
News-wavaye[.]cc uses a clickbait technique to lure visitors into allowing it to deliver notifications and opens untrustworthy pages. There are plenty of pages of this type. Some examples are thdedukicatio[.]xyz, beparaspr[.]com, and news-helaga[.]cc. News-wavaye[.]cc claims that visitors
Thdedukicatio[.]xyz displays untrustworthy content to trick visitors into agreeing to receive notifications and promotes various potentially malicious pages. It uses a clickbait technique to get permission to show notifications. Users do not open pages like thdedukicatio[.]xyz intentionally.
38dpz is the name of a ransomware variant that encrypts files, modifies filenames by appending a string of random characters and the ".38dpz" extension to them, and creates a ransom note (the "WKFr_HOW_TO_DECRYPT.txt" text file). For example, 38dpz renames a file named "1.jpg" to "1.jpg.ux9-od4j6
Favtab.com is both the address of a fake search engine and the name of a browser hijacker used to promote that address. Most users download and install browser hijackers inadvertently. Thus, they are categorized as potentially unwanted applications (PUAs). Apps of this type hijack browsers by chan
Extortionist ransomware encrypts files and appends the openthefile@mailfence.com email address, a string of ransom characters, and the ".Extortionist" extension to filenames. For example, it renames "1.jpg" to "1.jpg.[openthefile@mailfence.com][MJ-PQ4931720865].Extortionist", "2.jpg" to "2.jpg.[op
Rozbeh ransomware (also known as R.Ransomware) is malware that encrypts files, changes their filenames, and creates the "read_it.txt" file. It renames files by appending four random characters as the file extension. For example, it renames "1.jpg" to "1.jpg.7ufr", "2.jpg" to "2.jpg.1ytu". The text
My Togo is a browser hijacker designed to promote the togosearching.com address, a fake search engine. This app hijacks a browser by changing its settings. A big part of browser hijackers are distributed using questionable methods. Thus, most of them get downloaded and installed inadvertently.