Assist_decoder was discovered by Amigo-A and is part of the Cryakl ransomware family. Malicious programs of this type are designed to encrypt files, rename them and create and/or display ransom messages. Assist_decoder renames encrypted files by adding the 3335799@protonmail.com_sel1 email addres
TV Search is a browser hijacker endorsed as a tool supposedly capable of providing access to various free TV and movie streaming services. This software modifies browser settings to promote services.gettvsearch-svc.org (a fake search engine). Furthermore, it monitors users' browsing activity. Due
Cheetah is a keylogger (keystroke logger), which is sold for $30/month, $65/three months, and $110/year. Software of this type records keys pressed on the keyboard (keyboard input). Typically, cyber criminals attempt to trick people installing keyloggers on their computers so that they can steal
Winprizes is a group of deceptive websites, which promote various scams. For example, these web pages have been observed promoting "Latest version of Adobe Flash Player" and "Dear Chrome User, Congratulations!" scams. Note that different schemes or other dubious content might also be accessed vi
Rxx is malicious software belonging to the Dharma ransomware family. This malware was discovered by Jakub Kroustek and operates by encrypting data in order to demand payment for decryption tools/software. During the encryption process, all compromised files are renamed according to the following
Research shows that cyber criminals behind PwndLocker ransomware target business networks and local governments. PwndLocker encrypts files with the RSA-2048 encryption algorithm and creates a ransom message within a text file named "H0w_T0_Rec0very_Files.txt", which can be found in folders that co
Deman is a malicious program belonging to the Everbe ransomware family. This malware operates by encrypting the data of infected systems so that ransom demands can be made for decryption. During the encryption process, the filename extensions of all affected files have "deman" added to them. For
qlopx.xyz is the address of a fake search engine promoted through a potentially unwanted application (PUA), a browser hijacker called SApp+ (or Smash App+). It is possible that other apps also promote qlopx.xyz. Generally, apps of this type promote the addresses of fake search engines by changing
Discovered by malware researcher Raby, Anon is a malicious program classified as ransomware. Systems infected with this malware suffer data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".anon000" extension. For
MuchLove is a ransomware-type infection based on HiddenTear. It renames all encrypted files by appending the ".encrypted" extension to filenames. For example, it renames "1.jpg" to "1.jpg.encrypted", and so on. MuchLove also creates a ransom message within the "READ_IT.txt" file, which can be foun