"Coronavirus Face Mask" is a scam email designed to proliferate Agent Tesla malware. The message uses the coronavirus pandemic to further its scheme. The email claims that recipients can order disposable face masks and forehead thermometers, however, rather than providing information concerning t
SearchZilla is advertised as an app which improves the browsing experience. In fact, it changes browser settings to promote feed.search-zilla.com, the address of a fake search engine. Apps that operate in this way are classified as browser hijackers. Note that, as well as promoting fake search eng
Neshta is malicious software that infects executable (.exe) system files and uses them to collect system information. It might also target removable storage devices and network shares. Neshta sends the information to a web server controlled by cyber criminals. Research shows that this malware is
Discovered by Jirehlov, Tongda2000 is one of many ransomware-type programs designed to encrypt files, change filenames and create/display ransom messages. Tongda2000 renames all files by appending "1" to their extensions. For example, it renames a file named "1.jpg" to "1.jpg1", and so on. It cre
Easy File Convert Promos is advertised as a program that converts documents, images, video and audio files to various formats. In fact, it also feeds users with various advertisements and is categorized as adware. These apps are also classified as potentially unwanted applications (PUAs), since pe
The My Login Hub application supposedly provides quick access to various email accounts - users can supposedly access them directly from a newly opened tab. In fact, My Login Hub is actually a browser hijacker, a potentially unwanted application (PUA). Generally, browser hijackers promote the addr
Go Easy Directions Promos is endorsed as a tool for easy access to various maps and routes, however, it is categorized as adware. Following successful infiltration, this app runs intrusive advertisement campaigns and delivers unwanted and even harmful ads. Additionally, Go Easy Directions Promos
Mostheatdr is a group of deceptive sites promoting various scams. Web pages belonging to this group have been observed promoting the "Dear Safari User, You Are Today's Lucky Visitor" scheme, however, they might also run other scams. Typically, people access these deceptive sites via redirects c
Heodo is a malicious program and another version of Emotet. Cyber criminals behind Heodo can use it to perform many malicious tasks. For example, to download and execute/install additional malware, steal various personal/sensitive information, and others. Therefore, if Heodo is installed on the op
R44s is a new variant of Ranion ransomware. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption tools/software. When this ransomware encrypts, all affected files are appended with the ".r44s" extension. For example, a file originally named