Search Power+ is a potentially unwanted application (PUA), a browser hijacker. This rogue app hijacks browsers by assigning certain settings to searchpowerapp.com, the address of a fake search engine. PUAs often collect user-system information as well. Browser hijackers are categorized as PUAs, si
Eventbot is a banking Trojan which targets Android users. It attempts to steal sensitive information (such as credit card details, credentials) using overlay technique. It also abuses the Accessibility Service. Eventbot can be the reason behind serious privacy issues, monetary loss and other probl
Pekraut is malicious software classified as a Remote Access Trojan (RAT). This malware allows remote access and control over the infected device. RATs have a variety of capabilities and features, which enable a broad range of misuse. Pekraut Trojan has 27 commands, though at the time of research,
Mpaj is malicious software belonging to a family of ransomware infections called Djvu. The program is designed to encrypt victims' files, rename them by appending a specific extension, and create a ransom message. This ransomware renames all encrypted files by appending the ".mpaj" extension. For
Discovered by dnwls0719, Tilde is a malicious program and adware classified as ransomware. During the encryption process, all affected files are appended with the ".~~~~" extension. For example, a file originally named as something like "1.jpg" would appear as "1.jpg.~~~~" following encryption. O
Discovered by S!Ri, Random Ransom encrypts files, modifies their filenames and displays a pop-up window containing a message. Random Ransom changes encrypted files by appending the ".RANDOM" extension to filenames. For example, it renames "1.jpg" to "1.jpg.RANDOM", "2.jpg" to "2.jpg.RANDOM", and s
ActiveMulti is a rogue application with browser hijacker characteristics and classified as adware. It operates by delivering intrusive advertisements, altering browser settings and promoting fake search engines. This app promotes Safe Finder via the akamaihd.net website. Additionally, most adwa
Netuniverse is a group of deceptive websites running various schemes. Sites belonging to this family have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scam, however, they might also promote other dubious schemes. Few users access Netuniverse web pages intentiona
mysupertab.com is the address of a fake search engine. Typically, fake search engines are promoted through potentially unwanted applications (PUAs) classified as browser hijackers. Note that mysupertab.com is promoted through a PUA named MySuperTab. Apps of this type promote addresses of fake sea
Revon is a malicious program, belonging to the Phobos ransomware family. It encrypts data and demands payment for decryption tools/software. During encryption, the files are renamed according to this pattern: original filename, unique ID, cyber criminals' email address and the ".revon" extension.