clickmp3[.]com offers download of videos from YouTube. Note that using websites such as clickmp3[.]com or third-party apps to download videos is against YouTube's Terms of Service. clickmp3[.]com also uses rogue advertising networks: the site contains dubious ads and opens other untrusted pages.
Discovered by 0x4143, Resgateseup is malicious software classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools. Typically, ransomware renames affected files, however, the filenames of files encrypted by Resgatese
InitialDevice changes browser settings, generates advertisements, and might also gather certain information. In this way, InitialDevice functions both as adware and as a browser hijacker. Typically, users download and install apps such as InitialDevice inadvertently and, therefore, they are cla
"Spin The Wheel" is a scam promoted on various deceptive websites. There are several variants of this scam. In general, the scheme claims users have the chance to win a prize. Note that "Spin The Wheel" is in no way associated with Home Depot, Amazon, Apple, or other companies it mentions. Additi
URSA ransomware encrypts files and creates two ransom messages in "RECOVER_YOUR_FILES.HTML" and "RECOVER_YOUR_FILES.TXT" files, which it places in folders that contain encrypted files. Note that, unlike most ransomware, URSA does not rename any of the encrypted files. Screenshot of files encr
SearchConverterInc is rogue software classified as a browser hijacker. It operates by making changes to browser settings to promote searchconverterinc.com (a fake search engine). Additionally, SearchConverterInc monitors users' browsing habits. Due to the dubious methods used to proliferate brows
LIZARD is a ransomware-type program, which is identical to LANDSLIDE malware. Systems infected with LIZARD experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are renamed following this pattern: "[DeathSpicy@yandex.ru][id=v
reander[.]net is a scam website. Its main purpose is to scare visitors into downloading and installing a potentially unwanted application (PUA) by displaying a fake virus notification stating that the device is infected. Users do not often visit reander[.]net or similar web pages intentionally
"Cobra Industrial Machines email virus" refers to a spam campaign designed to proliferate malware. The term "spam campaign" defines a mass-scale operation, during which thousands of deceptive/scam emails are sent. The messages distributed through this campaign ask recipients to provide a product q
Foo belongs to the VoidCrypt ransomware family. This ransomware encrypts files and appends the encryptfull@criptext.com email address, victim's ID, and the ".Foo" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.[encryptfull@criptext.com][ZRC71WE2QGBLYX5].Foo", "2.jpg" to "2.jpg.