Default Search hijacks web browsers by modifying certain settings (assigning them to find.defaultsearch.info). In this way, it promotes a fake search engine. If installed on Google Chrome, Default Search adds the "Managed by your organization" feature as well. Additionally, this browser hijacker
Memorama is a game designed for people who wish to improve their memorization skills. It uses an in-game currency called Cristales, a certain sum of which can be purchased using the Memorama in-app purchase feature. In fact, there are various websites offering to generate Cristales free of charge.
MarketService is an adware-type application with browser hijacker traits. Following successful installation, it delivers intrusive advertisement campaigns, makes modifications to browser settings and promotes fake search engines. MarketService promotes 6v5f3l.com on Safari browsers and search.lo
RedDelta is the name of a threat activity group targeting the Vatican and Catholic Church-related, and some non-governmental, organizations. Research shows that the group uses malware variants for their attacks, one of which is a modified variant of PlugX referred to as RedDelta PlugX. Other known
charmsearching.com is the address of a fake search engine. These bogus web search engines are usually promoted by Potentially Unwanted Applications (PUAs), classified as browser hijackers. This software operates by making modifications to browser settings to promote fake search tools (including ch
JB78 replaces the filenames of encrypted files with the jamesBaker78@criptext.com email address, a string of random characters. It also appends the ".JB78" extension to them. For example, "1.jpg" is renamed to "[JamesBaker78@criptext.com].y5ebua4u-oXnxuIWO.JB78", "2.jpg" to "[JamesBaker78@criptex
FG69 is a malicious program that belongs to the Matrix ransomware family. Like most of these programs, it encrypts files, renames them and creates a ransom message. FG69 renames files, replacing their filenames with the Adamfox69@criptext.com email address, a string or random characters, and appen
Websites such as service24[.]report often trick visitors into downloading and installing potentially unwanted applications (PUAs). In many cases, these web pages claim that the device is infected with viruses and offer to remove them with a specific app. Note that users do not often visit sites
hilanfavouris[.]top is a rogue web page sharing many similarities with a1-nerdhut.com, belighterservice.com, myfreshposts.com and thousands of others. Visitors to this site are presented with dubious content and/or are redirected to other untrusted or possibly malicious websites. Typically, users
Commonly, browsers are forced to open websites such as a1-nerdhut[.]com due to installed potentially unwanted applications (PUAs). I.e., users do not often visit these web pages or download/install PUAs intentionally. Note that most PUAs promote sites like a1-nerdhut[.]com, serve ads, and gather