Alfonso (also known as Al'fon$o) is an information stealer that cyber criminals sell on hacker forums. Typically, malware of this type targets credit card details, passwords (and other sensitive information), and runs stealthily in the system background. Alfonso stealer collects data such
In most cases, websites such as peachlandus[.]com display fake virus alert pop-ups stating that the visitor's device is infected, compromised, damaged, or harmed in some other way. In summary, they use deceptive methods to trick visitors into downloading and installing a potentially unwanted app
CryptPethya belongs to the family of ransomware called Xorist. It not only encrypts and renames victims' files, but also changes the desktop wallpaper and creates the "HOW TO DECRYPT FILES.txt" file in all folders that contain encrypted files. CryptPethya renames files by appending its name as th
As its domain name suggests, 4anime[.]to is a website offering an anime streaming service. There are two problems with this web page: 1) it is a pirate site that illegally distributes copyrighted content, and; 2) it uses rogue advertising networks (containing dubious ads). Neither 4anime[.]to nor
In most cases, phishing emails are sent by scammers who attempt to trick recipients into providing sensitive, personal information such as credit card details, login credentials (e.g., username, email address, password), social security numbers and other details. Most are disguised as official, im
NuggetPhantom is a modularized malware toolkit consisting of three types of modules for deployment, download, and function execution. It targets computers that contain the EternalBlue vulnerability. Research shows that NuggetPhantom is used for cryptohijacking and DDoS attacks. Typically,
CompellingState functions as adware and as a browser hijacker. It generates advertisements and modifies browser settings without users' permission. It is also likely to collect browsing-related (and other) information. Typically, users do not download or install these apps intentionally and, th
There are many scam websites designed to display fake virus alerts, pop-up windows that suggest that users' devices are infected. These websites often seem similar to official Apple pages and usually contain a "Remove Virus" button linking users to a supposed security application. In summary, t
search.validexplorer.com is the address of a fake search engine. Typically, these URLs appear in browser settings after installation of a browser hijacker. Users often download and install browser hijackers unintentionally and, for this reason, they are categorized as potentially unwanted applic
Lockerxxs belongs to the Xorist ransomware family. It is designed to encrypt victims' files, rename each encrypted file, display a pop-up window/ransom message, and create the "HOW TO DECRYPT FILES.txt" file (another ransom message). It renames files by appending the ".lockerxxs" extension. For e