Discovered by Jakub Kroustek, Mark (Dharma) is a part of the Dharma ransomware family. This ransomware renames all encrypted files by adding the victim's ID, mark_white@mail.ua email address, and ".Mark" extension to filenames. For example, a file named "1.jpg" might become "1.jpg.id-1E857D00.[mar
Discovered by Petrovic, Voyager is a new variant of Hermes837 ransomware. Systems infected with this malware experience data encryption and users receive ransom demands for decryption. During the encryption process, all affected files are appended with the ".voyager" extension. For example, a fil
SpeedyFixer is advertised as software that boosts computer speed and fixes various errors, crashes and application freezes. In fact, it is classified as a potentially unwanted application (PUA) due to its associated distribution methods (SpeedyFixer is promoted by including it into the set-ups of
Gourluck is a group of deceptive sites. These web pages run various scams, including a commonly promoted scheme called "Dear Safari User, You Are Today's Lucky Visitor". Few users enter these websites intentionally - most are redirected to them by intrusive ads or Potentially Unwanted Applicatio
Discovered by S!Ri, Adhubllka is a malicious program classified as ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for appropriate decryption tools/software. When Adhubllka encrypts, it renames files by adding the ".ADHUBLLKA" extension. F
Discovered by Jirehlov, Horseleader is a part of the Garrantydecrypt ransomware family. This ransomware renames encrypted files by appending the ".horseleader" extension to filenames. For example, it renames "1.jpg" to "1.jpg.horseleader", and so on. It also changes the desktop wallpaper and crea
LatentBot is malicious software written in the Delphi programming language. It is capable of operating as a keystroke logger, form grabber, cookie stealer and Remote Access/Administration Tool (RAT). Cyber criminals behind this malware can use it to generate in various ways. If your computer is i
The PDFEasyTool application supposedly operates as a media file converter (conversion of various files to PDF documents). In fact, this is a browser hijacker that promotes a fake search engine. PDFEasyTool promotes pdfeasytool.com by changing certain browser settings. Most browser hijackers are d
califiesrease[.]info is a rogue site similar to go9news.biz, speakwithjohns.com, goodbase.biz and countless others. Visitors to these web pages are presented with dubious content and/or are redirected to other untrusted or malicious websites. Users rarely enter rogue sites intentionally - most ar
Primechse is a group of deceptive websites promoting various scams. Sites belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also promote other scams and untrustworthy or malicious web pages. Most visits to Prim