Discovered by GrujaRS, Fcorp is based on open-source ransomware called Hidden Tear. Fcorp encrypts files and appends the ".fcorp" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.fcorp", "2.jpg" to "2.jpg.fcorp", etc. This ransomware also replaces the desktop wallpaper with its r
Discovered by GrujaRS, ByteLocker is a ransomware-type program based on the Hidden Tear (HiddenTear) open-source project. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. Typically, ransomware encrypts files and changes associated fi
ProductChannel displays advertisements, changes browser settings, and collects sensitive information. ProductChannel is a type of app that functions as adware, a browser hijacker, and data collector. These apps are often downloaded and installed by users unintentionally and, for this reason, th
BLADABINDI is a backdoor threat, designed to inject systems with malicious payloads. I.e., following successful infiltration, it stealthily downloads/installs malware onto affected systems. At the time of research, BLADABINDI has been observed being proliferated by and bundled with Windscribe VPN
Junkie web is a browser hijacker, which promotes the keysearchs.com fake search engine. Software within this classification usually operates by making modifications to browser settings in order to promote bogus search engines. Despite this, Junkie web does not always modify browsers when promoting
There are many deceptive websites that display fake virus notifications stating that the device (typically, iPhone) is infected and/or there are other problems that must be resolved immediately, otherwise more damage will be done. Note that systemnotices[.]com also has this behavior. The main p
InitialProgram is untrusted software classified as adware, which also has browser hijacker traits. Following successful infiltration, this application delivers intrusive advertisement campaigns (resulting in various unwanted ads) and makes changes to browser settings to promote bogus search engi
Dexx is malicious software and part of the Dharma ransomware group. It operates by encrypting data and demanding payment for decryption. When Dexx ransomware encrypts, it renames files following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and
Typically, users do not often visit addresses such as freshnewmessage[.]com intentionally, they are opened after deceptive ads are clicked or other bogus websites are visited. These sites are also opened when potentially unwanted applications (PUAs) are installed on browsers and/or operating syste
ElementaryType is an adware-type app with browser hijacker characteristics. This piece of rogue software operates by running intrusive advertisement campaigns and making alterations to browser settings to promote fake search engines. Additionally, adware and browser hijackers usually collect br