OSAMiner is a cryptocurrency miner, a Monero mining Trojan that uses run-only AppleScripts targeting Mac computers. OSAMiner was first detected in 2015 and is still successfully used by cyber criminals due to its complex structure (use of run-only AppleScript files), which prevents researchers
Typically, scammers behind these emails claim to have hacked a computer (or other device) and recorded intimate video of recipients while they were visiting adult websites. The main purpose of the messages is to trick recipients into believing that the supposedly recorded video will be sent to al
14x encrypts files and adds the victim's ID, axitrun@cock.li, and appends the ".14x" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[axitrun@cock.li].14x", "2.jpg" to "2.jpg.id-C279F237.[axitrun@cock.li].14x", and so on. It also displays a pop-up window and creates
Technical support scam websites typically display pop-up windows windows stating that the computer is infected with malware, viruses, etc., and offer a telephone number for help with removing supposedly "detected threats". In most cases, these pop-ups appear on pages claiming to represent well-k
PrimaryProcesser not only generates ads but also promotes a fake search engine by changing browser settings. It is also likely to collect browsing data and/or other information. Therefore, this app is classified as adware and a browser hijacker. In most cases, users download and install apps of
Coos is ransomware belonging to the Djvu family. It encrypts and renames victims' files, and creates the "_readme.txt" file (a ransom message) in all folders that contain encrypted files. Coos renames each encrypted file by appending the ".coos" extension to filenames. For example, "1.jpg" is ren
TypicalInput is adware (generates ads), however, it can also be classified as a browser hijacker, since it promotes a fake search engine by changing browser settings without users' permission. Additionally, it is likely that this app collects browsing data and other information. TypicalInput an
Search Lovely and similar apps are classified as browser hijackers because they change browser settings to force users to visit a specific address (and use a fake search engine). This particular app promotes tailsearch.com in this way. Browser hijackers also collect browsing-related (and other) i
Rubly encrypts files and displays a ransom message in a pop-up window. It also renames each encrypted file by appending the ".rubly" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.rubly", "2.jpg" to "2.jpg.rubly", and so on. Note that Rubly is a part of the Jigsaw ransomware fa
Aol ransomware belongs to the family of ransomware called Dharma. It encrypts files and renames them. It also creates the "FILES ENCRYPTED.txt" file and displays a pop-up window - these contain ransom messages. Aol renames files by adding the victim's ID, astra2eneca@aol.com email address, and ap