NuggetPhantom is a modularized malware toolkit consisting of three types of modules for deployment, download, and function execution. It targets computers that contain the EternalBlue vulnerability. Research shows that NuggetPhantom is used for cryptohijacking and DDoS attacks. Typically,
CompellingState functions as adware and as a browser hijacker. It generates advertisements and modifies browser settings without users' permission. It is also likely to collect browsing-related (and other) information. Typically, users do not download or install these apps intentionally and, th
There are many scam websites designed to display fake virus alerts, pop-up windows that suggest that users' devices are infected. These websites often seem similar to official Apple pages and usually contain a "Remove Virus" button linking users to a supposed security application. In summary, t
search.validexplorer.com is the address of a fake search engine. Typically, these URLs appear in browser settings after installation of a browser hijacker. Users often download and install browser hijackers unintentionally and, for this reason, they are categorized as potentially unwanted applic
Lockerxxs belongs to the Xorist ransomware family. It is designed to encrypt victims' files, rename each encrypted file, display a pop-up window/ransom message, and create the "HOW TO DECRYPT FILES.txt" file (another ransom message). It renames files by appending the ".lockerxxs" extension. For e
search.accessiblelist.com is a fake search engine. Most sites of this type are promoted via browser hijackers, apps that modify browser settings without users' permission. One app known to promote search.accessiblelist.com is called SkilledSearchAdvise, which not only promotes this site but als
Typically, browser hijackers promote fake search engines by modifying certain browser settings. This particular app promotes searchwebs.xyz. It also collects browsing history and possibly other data. Browser hijackers such as XoXoEmoticons are often downloaded and installed by users unintentional
There are many fake applications that mimic the look and/or functionality of legitimate apps and, once installed, perform malicious actions (e.g., generate advertisements, collect sensitive data). In this example, a fake app called Ultra Clear mimics a cryptocurrency wallet manager but, in fact,
16x ransomware was discovered by Jirehlov Solace. It encrypts files, appends the ".16x" extension to their filenames (e.g., "1.jpg" would be renamed to "1.jpg.16x", "2.jpg" to "2.jpg.16x", and so on), and displays a Command Prompt window (a ransom message) containing instructions about how to cont
Covid-20 is not typical ransomware and does not encrypt or rename files. After installation, it restarts the computer and then displays a ransom message in full screen mode (preventing Windows from booting). Therefore, rather than preventing victims from accessing their files, it does not allow th