Typically, malspam campaigns are disguised as legitimate and official in attempts to make them seem less suspicious. Cyber criminals send bogus emails to trick recipients into clicking the included link (thereby downloading and opening a malicious file) or simply opening/executing the attached fi
This untrusted website displays a deceptive notification stating that the computer is infected with viruses and attempts to scare users into downloading and installing potentially unwanted applications (PUAs). Typically, these web pages are opened when users visit other dubious websites, click bo
Cyber criminals behind this malspam campaign attempt to deceive recipients into believing that they have purchased a certain sum of Bitcoins and that opening the attached document supposedly contains more information about the purchase. In fact, the attached document is malicious and designed to i
Tabe is a malicious program belonging to the Djvu ransomware family. Systems infected with this malware experience data encryption and users receive ransom demands for decryption tools/software. During the encryption process, all affected files are appended with the ".tabe" extension. For example
Discovered by Michael Gillespie, Usam is a malicious program that belongs to the Djvu ransomware family. Typically, malware of this type encrypts files, modifies their filenames and creates and/or displays a ransom message. Usam renames encrypted files by appending the ".usam" extension to their f
Discovered by Jakub Kroustek, R3f5s is a malicious program belonging to the Dharma ransomware family. This malware encrypts data in order to demand payment for decryption. During the encryption process, all affected files are renamed according to this pattern: original filename, unique ID, cyber c
Yogynicof is designed to encrypt files, change their filenames, and create a number of ransom messages. It renames all encrypted files by changing their names to a certain number (from zero to the total number of files). For example, if there are three files in a folder, it renames one file to "1"
UpgradeCoordinator is software classified as adware and also possessing browser hijacker traits. This application operates by running intrusive advertisement campaigns, modifying browser settings, and promoting fake search engines. UpgradeCoordinator promotes Safe Finder via search.adjustablesam
Convert PDF Hub is designed to promote hp.hconvertpdfhub.com and search.hconvertpdfhub.com (addresses of fake search engines) by changing certain browser settings. It is also likely that this app will gather information relating to users' browsing activities. Browser hijackers are categorized as
s3redirect.com is the address of a fake search engine. Typically, these addresses appear in browser settings after installation of a browser hijacker. Research shows that one of the browser hijackers that promotes s3redirect.com is called Kano APP, however, it is possible that this address is prom