Igal belongs to family of ransomware called Djvu. Typically, malware of this type encrypts files, renames them, and generates ransom messages. Igal renames files by appending the ".igal" extension to filenames and creates the "_readme.txt" text file (ransom message) in all folders that contain en
tlouslyrevor[.]top is similar to etrolhidde[.]fun, yourfreshposts[.]com, check-the[.]news and many other sites. These are often promoted via potentially unwanted applications (PUAs), and users do not visit them intentionally. Note that, similarly, PUAs are not often installed intentionally.
The MacBooster (MacBooster 6 and MacBooster 7) application claims to provide various system optimization tools. Many users believe that MacBooster is legitimate and useful, however, developers proliferate this app using the "bundling" method. Therefore, it often infiltrates systems without permi
Generally, users do not visit pages such as etrolhidde[.]fun intentionally - they are promoted by potentially unwanted applications (PUAs). Similarly, users do not often download or install these apps intentionally. PUAs are usually designed to promote sites like etrolhidde[.]fun, serve ads, and c
Browsers often pages such as yourfreshposts[.]com when potentially unwanted applications (PUAs) are installed on them. I.e., users do not often visit these pages intentionally. Furthermore, they do not often download or install PUAs intentionally. PUAs promote sites such as yourfreshposts[.]com,
Users do not often visit web pages such as check-the[.]news intentionally - they are opened by browsers that have potentially unwanted applications (PUAs) installed. Note that PUAs are designed to open sites such as check-the[.]news, generate ads, and collect data. There are many pages similar to
"Google Forms email scam" refers to a phishing spam campaign, which employs Google Forms to gather user data under false pretences. The term "spam campaign" defines a mass-scale operation, during which thousands of scam emails are sent. Google Forms is survey administration software, which is part
Banhu is malware that belongs to the Phobos ransomware family. It is designed to encrypt files, modify their filenames, and generate two similar ransom messages. Banhu renames files by adding the victim's ID, gooddecrypt@airmail.cc email address and appending the ".banhu" extension to filenames.
Commonly, websites such as yskimmed[.]top are promoted by potentially unwanted applications (PUAs) that many users download and install inadvertently. I.e., people do not often visit these sites intentionally. There are many other pages similar to yskimmed[.]top on the web including, for example,
Discovered by M. Shahpasandi, AMJIXIUS encrypts files and renames them by adding the ancrypted1@gmail.com email address, victim's ID, a string of random characters, and appending the ".AMJIXIUS" extension to filenames. For example, "1.jpg" is renamed to "1.jpg.[ancrypted1@gmail.com][RHNjhHl29nDt]