This malspam campaign is disguised as a message from Billtrust with an invoice attached. In fact, cyber criminals send this email to trick recipients into infecting their computers with malicious software. Typically, malware is installed when recipients execute a malicious file. Therefore, you ar
"Ad by Pop" is a message displayed on advertisements delivered by various rogue browser extensions. Ads containing this message have been observed being delivered by Beautiful Comfortable, Wrong Literature, Drab Victorious, and countless other dubious extensions. These browser extensions also add
FlyBox was discovered by 0x0. It renames encrypted files by appending the ".FlyBox" extension. For example, a file named "1.jpg" would change to "1.jpg.FlyBox", "2.jpg" to "2.jpg.FlyBox", etc. Instructions about how to contact the cyber criminals behind FlyBox and pay the ransom are provided in a
"Server Notification" is a spam email campaign. The term "spam campaign" is used to define a large scale operation, during which scam emails are sent by the thousand. There are several, practically identical variants of "Server Notification" emails. These messages claim that additional safety mea
PlusAbout is a rogue application classified as adware. It operates by running intrusive ad campaigns (i.e. it delivers various unwanted and even harmful advertisements). This app also has browser hijacker traits, such as browser settings modification and promotion of bogus search engines. PlusA
Discovered by GrujaRS, Wholocked is malicious software categorized as ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools. During the encryption process, all compromised files are appended with the ".wholocked" extension.
FrequencySignal is an adware-type application with browser hijacker traits. It operates by running intrusive advertisement campaigns, makes alterations to browser settings and promotes fake search engines. FrequencySignal promotes Safe Finder via akamaihd.net. Additionally, most adware and brow
Discovered by dnwls0719, IT is a ransomware-type malicious program, named for its use of imagery of the character, Pennywise, The Dancing Clown from the IT film series (2017-2019) based on Stephen King's novel of the same name. This malware is a new variant of Cobra Locker ransomware. The malicio
SoftwareHandler is rogue software categorized as adware and possesses browser hijacker traits. After successful installation, it runs intrusive ad campaigns, modifies browser settings, and promotes bogus search engines. SoftwareHandler promotes Safe Finder through akamaihd.net. Most adware-type
"Universidade de Lisboa" is a spam email campaign designed to spread the LokiBot Trojan. The term "spam campaign" is used to define a large scale operation, during which thousands of deceptive emails are sent. The messages distributed through this spam campaign are in Portuguese and disguised as m