FPMPlayer is a potentially unwanted application (PUA) that is distributed using a fake Adobe Flash Player installer. In most cases, users download and install apps that are distributed using such methods inadvertently. Fake installers are often used to distribute multiple PUAs at once and, ther
"Burofax Online" refers to a spam email campaign spreading the Mekotio Trojan. The term "spam campaign" describes a large-scale operation, during which thousands of deceptive/scam emails are sent. The messages sent in this particular campaign are disguised as notifications concerning an unspecifi
Discovered by GrujaRS, Fcorp is based on open-source ransomware called Hidden Tear. Fcorp encrypts files and appends the ".fcorp" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.fcorp", "2.jpg" to "2.jpg.fcorp", etc. This ransomware also replaces the desktop wallpaper with its r
Discovered by GrujaRS, ByteLocker is a ransomware-type program based on the Hidden Tear (HiddenTear) open-source project. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. Typically, ransomware encrypts files and changes associated fi
ProductChannel displays advertisements, changes browser settings, and collects sensitive information. ProductChannel is a type of app that functions as adware, a browser hijacker, and data collector. These apps are often downloaded and installed by users unintentionally and, for this reason, th
BLADABINDI is a backdoor threat, designed to inject systems with malicious payloads. I.e., following successful infiltration, it stealthily downloads/installs malware onto affected systems. At the time of research, BLADABINDI has been observed being proliferated by and bundled with Windscribe VPN
Junkie web is a browser hijacker, which promotes the keysearchs.com fake search engine. Software within this classification usually operates by making modifications to browser settings in order to promote bogus search engines. Despite this, Junkie web does not always modify browsers when promoting
There are many deceptive websites that display fake virus notifications stating that the device (typically, iPhone) is infected and/or there are other problems that must be resolved immediately, otherwise more damage will be done. Note that systemnotices[.]com also has this behavior. The main p
InitialProgram is untrusted software classified as adware, which also has browser hijacker traits. Following successful infiltration, this application delivers intrusive advertisement campaigns (resulting in various unwanted ads) and makes changes to browser settings to promote bogus search engi
Dexx is malicious software and part of the Dharma ransomware group. It operates by encrypting data and demanding payment for decryption. When Dexx ransomware encrypts, it renames files following this pattern: original filename, unique ID assigned to the victims, cyber criminals' email address, and