Deathfiles is a type of malware that encrypts victims' files and appends the ".deathfiles" extension to the filenames of all encrypted files. For example, "1.jpg" is renamed to "1.jpg.deathfiles", "2.jpg" to "2.jpg.deathfiles", and so on. Deathfiles provides contact information and various other
"Tienes una multa pendiente" refers to a spam email campaign designed to proliferate the Mekotio Trojan. The term "spam campaign" is used to define a large-scale operation, during which thousands of deceptive/scam emails are sent. This Spanish-language spam campaign distributes messages claiming t
Adware is a type of software that displays ads. GenerationUpdater also changes browser settings (to promote a fake search) engine and might also collect browsing data (and other) information. In summary, GenerationUpdater functions as adware and a browser hijacker. In most cases, users download
"TikTok Followers Hack" refers to a scam run on various deceptive sites. This scheme offers the bogus service of generating followers, fans and 'likes' for users' content on TikTok, a video-sharing social networking platform owned by the ByteDance Ltd. company. Note that the "TikTok Followers Hac
Discovered by 0x4143, CNH encrypts files and appends the ".cnh" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.cnh", "2.jpg" to "2.jpg.cnh", and so on. It also creates the "README.txt" file, a ransom message with contact information. The "README.txt" text file is a short ran
NewPDFSearch is dubious software categorized as a browser hijacker. It makes modifications to browser settings to promote newpdfsearch.com (a fake search engine). Browser hijackers are usually able to track browsing-related data, and it is likely that NewPDFSearch operates in this manner as well.
PDFConverterSearcher changes assigns specific browser settings to pdfconvertersearcher.com, the address of a fake search engine. Like most browser hijackers, PDFConverterSearcher changes these settings without users' permission. This app can also read browsing-related and possibly other informatio
LyDark is malicious software, which is part of the Xorist ransomware family. It is designed to encrypt data and demand payment for decryption. During the encryption process, all affected files are appended with the ".LyDark" extension. For example, a file originally named something like "1.jpg" wo
PAYMENT belongs to the Phobos ransomware family. It is designed to encrypt files, rename each encrypted file, display a ransom message, and create the "info.txt" text file (second ransom message). PAYMENT renames files by adding the victim's ID, the ICQ username of its developers, and appending t
"Advance Payment Received" is a spam email campaign. This term refers to a mass-scale operation, during which thousands of deceptive emails are sent. The messages sent through this spam campaign are presented as notifications concerning a purchase order. Note that "Advance Payment Received" email