CryptPethya belongs to the family of ransomware called Xorist. It not only encrypts and renames victims' files, but also changes the desktop wallpaper and creates the "HOW TO DECRYPT FILES.txt" file in all folders that contain encrypted files. CryptPethya renames files by appending its name as th
As its domain name suggests, 4anime[.]to is a website offering an anime streaming service. There are two problems with this web page: 1) it is a pirate site that illegally distributes copyrighted content, and; 2) it uses rogue advertising networks (containing dubious ads). Neither 4anime[.]to nor
In most cases, phishing emails are sent by scammers who attempt to trick recipients into providing sensitive, personal information such as credit card details, login credentials (e.g., username, email address, password), social security numbers and other details. Most are disguised as official, im
NuggetPhantom is a modularized malware toolkit consisting of three types of modules for deployment, download, and function execution. It targets computers that contain the EternalBlue vulnerability. Research shows that NuggetPhantom is used for cryptohijacking and DDoS attacks. Typically,
CompellingState functions as adware and as a browser hijacker. It generates advertisements and modifies browser settings without users' permission. It is also likely to collect browsing-related (and other) information. Typically, users do not download or install these apps intentionally and, th
There are many scam websites designed to display fake virus alerts, pop-up windows that suggest that users' devices are infected. These websites often seem similar to official Apple pages and usually contain a "Remove Virus" button linking users to a supposed security application. In summary, t
search.validexplorer.com is the address of a fake search engine. Typically, these URLs appear in browser settings after installation of a browser hijacker. Users often download and install browser hijackers unintentionally and, for this reason, they are categorized as potentially unwanted applic
Lockerxxs belongs to the Xorist ransomware family. It is designed to encrypt victims' files, rename each encrypted file, display a pop-up window/ransom message, and create the "HOW TO DECRYPT FILES.txt" file (another ransom message). It renames files by appending the ".lockerxxs" extension. For e
search.accessiblelist.com is a fake search engine. Most sites of this type are promoted via browser hijackers, apps that modify browser settings without users' permission. One app known to promote search.accessiblelist.com is called SkilledSearchAdvise, which not only promotes this site but als
Typically, browser hijackers promote fake search engines by modifying certain browser settings. This particular app promotes searchwebs.xyz. It also collects browsing history and possibly other data. Browser hijackers such as XoXoEmoticons are often downloaded and installed by users unintentional