Discovered by Jirehlov, Horseleader is a part of the Garrantydecrypt ransomware family. This ransomware renames encrypted files by appending the ".horseleader" extension to filenames. For example, it renames "1.jpg" to "1.jpg.horseleader", and so on. It also changes the desktop wallpaper and crea
LatentBot is malicious software written in the Delphi programming language. It is capable of operating as a keystroke logger, form grabber, cookie stealer and Remote Access/Administration Tool (RAT). Cyber criminals behind this malware can use it to generate in various ways. If your computer is i
The PDFEasyTool application supposedly operates as a media file converter (conversion of various files to PDF documents). In fact, this is a browser hijacker that promotes a fake search engine. PDFEasyTool promotes pdfeasytool.com by changing certain browser settings. Most browser hijackers are d
califiesrease[.]info is a rogue site similar to go9news.biz, speakwithjohns.com, goodbase.biz and countless others. Visitors to these web pages are presented with dubious content and/or are redirected to other untrusted or malicious websites. Users rarely enter rogue sites intentionally - most ar
Primechse is a group of deceptive websites promoting various scams. Sites belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also promote other scams and untrustworthy or malicious web pages. Most visits to Prim
IntelRapid is malicious software designed to steal victims' cryptocurrency wallets. These wallets are used to track, store, receive and transfer cryptocurrencies, such as Bitcoin, Litecoin, Ethereum, Monero, Tether, Dash and many others. Therefore, the software can cause significant financial los
This tech-support scam tricks visitors into believing that their computers are infected with information-stealing malware and calling scammers via the number provided. Typically, these web pages are opened through other untrusted websites, dubious advertisements or by installed potentially unwante
go9news[.]biz is similar to many other dubious websites including, for example, speakwithjohns[.]com, exq-timepieces[.]com and odicfulbrid[.]info. Like most, it redirects visitors to other untrusted pages or loads dubious content. Typically, browsers open these pages when potentially unwanted app
Ncov is a part of the Dharma ransomware family. It encrypts files, changes filenames, creates a text file and displays a pop-up window. Ncov renames encrypted files by adding the victim's ID, coronavirus@qq.com email address and appending the ".ncov" extension to filenames. For example, a file na
vitosc.xyz is the address of a fake search engine. Typically, fake search engines are promoted through various potentially unwanted applications (PUAs), browser hijackers. This fake search engine is promoted through a PUA named SApp+ (or Smash App+) and Nittok, however, other apps might also promo