404 Keylogger is software designed to record key strokes, recover account passwords and otherwise monitor users' activity. 404 Keylogger is promoted as a legitimate tool for various businesses and for companies to track client/customer activity (with consent) and an "educational" tool to aid learn
RAGNAROK (.thor) is a new variant of Ragnarok ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with a random character string and the ".thor" extension. For exa
Default Search hijacks web browsers by modifying certain settings (assigning them to find.defaultsearch.info). In this way, it promotes a fake search engine. If installed on Google Chrome, Default Search adds the "Managed by your organization" feature as well. Additionally, this browser hijacker
Memorama is a game designed for people who wish to improve their memorization skills. It uses an in-game currency called Cristales, a certain sum of which can be purchased using the Memorama in-app purchase feature. In fact, there are various websites offering to generate Cristales free of charge.
MarketService is an adware-type application with browser hijacker traits. Following successful installation, it delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines. MarketService promotes 6v5f3l.com on Safari browsers and search.lo
RedDelta is the name of a threat activity group targeting the Vatican and Catholic Church-related, and some non-governmental, organizations. Research shows that the group uses malware variants for their attacks, one of which is a modified variant of PlugX referred to as RedDelta PlugX. Other known
charmsearching.com is the address of a fake search engine. These bogus web search engines are usually promoted by Potentially Unwanted Applications (PUAs), classified as browser hijackers. This software operates by making modifications to browser settings to promote fake search tools (including ch
JB78 replaces the filenames of encrypted files with the jamesBaker78@criptext.com email address, a string of random characters. It also appends the ".JB78" extension to them. For example, "1.jpg" is renamed to "[JamesBaker78@criptext.com].y5ebua4u-oXnxuIWO.JB78", "2.jpg" to "[JamesBaker78@criptex
FG69 is a malicious program that belongs to the Matrix ransomware family. Like most of these programs, it encrypts files, renames them and creates a ransom message. FG69 renames files, replacing their filenames with the Adamfox69@criptext.com email address, a string or random characters, and appen
Websites such as service24[.]report often trick visitors into downloading and installing potentially unwanted applications (PUAs). In many cases, these web pages claim that the device is infected with viruses and offer to remove them with a specific app. Note that users do not often visit sites