Technical support scam websites typically display pop-up windows windows stating that the computer is infected with malware, viruses, etc., and offer a telephone number for help with removing supposedly "detected threats". In most cases, these pop-ups appear on pages claiming to represent well-k
PrimaryProcesser not only generates ads but also promotes a fake search engine by changing browser settings. It is also likely to collect browsing data and/or other information. Therefore, this app is classified as adware and a browser hijacker. In most cases, users download and install apps of
Coos is ransomware belonging to the Djvu family. It encrypts and renames victims' files, and creates the "_readme.txt" file (a ransom message) in all folders that contain encrypted files. Coos renames each encrypted file by appending the ".coos" extension to filenames. For example, "1.jpg" is ren
TypicalInput is adware (generates ads), however, it can also be classified as a browser hijacker, since it promotes a fake search engine by changing browser settings without users' permission. Additionally, it is likely that this app collects browsing data and other information. TypicalInput an
Search Lovely and similar apps are classified as browser hijackers because they change browser settings to force users to visit a specific address (and use a fake search engine). This particular app promotes tailsearch.com in this way. Browser hijackers also collect browsing-related (and other) i
Rubly encrypts files and displays a ransom message in a pop-up window. It also renames each encrypted file by appending the ".rubly" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.rubly", "2.jpg" to "2.jpg.rubly", and so on. Note that Rubly is a part of the Jigsaw ransomware fa
Aol ransomware belongs to the family of ransomware called Dharma. It encrypts files and renames them. It also creates the "FILES ENCRYPTED.txt" file and displays a pop-up window - these contain ransom messages. Aol renames files by adding the victim's ID, astra2eneca@aol.com email address, and ap
JSSLOADER is a Remote Access Trojan (RAT) capable of exfiltrating data, executing commands, downloading other malware, auto-updating itself and preventing itself from being debugged (analyzed). JSSLOADER is mostly used by the group of cyber criminals called FIN7. At first, JSSLOADER collects
Hub encrypts files, renames each encrypted file by adding the victim's ID, crypthub@tuta.io email address, and appending ".hub" extension. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[crypthub@tuta.io].hub", "2.jpg" to "2.jpg.id-C279F237.[crypthub@tuta.io].hub", and so on. Hub also disp
SampleConsole generates advertisements, modifies browser settings (promoting a fake search engine), and collects personal, sensitive information. In this way, it functions as adware, and as a browser hijacker and data collector. SampleConsole and similar apps are often downloaded and installed