Cuba (also known as COLDDRAW) was discovered by Raby and encrypts files, changes filenames by appending the ".cuba" extension, and creates the "!!FAQ for Decryption!!.txt" text file (ransom message). For example, "1.jpg" is renamed to "1.jpg.cuba", and so on. Typically, people who have computers
NEWS is a malicious program belonging to the Dharma ransomware family. It operates by encrypting the data of infected devices so that ransom demands can be made for decryption tools/software. When NEWS malware encrypts, all files are renamed according to the following pattern: original filename,
balanceforsun[.]com a rogue website that, if opened, redirects to untrusted websites or loads dubious content. Browsers commonly open pages such as balanceforsun[.]com due to installed potentially unwanted apps (PUAs) - people do not generally open them intentionally. PUAs cause redirects to dubi
Stream Live Radio is a dubious application advertised as a tool for quick access to various online radio services. This app is a browser hijacker, which operates by altering settings to promote search.streamliveradiotab.com, a fake search engine. Furthermore, it has data tracking capabilities to m
There are numerous dubious websites that contain deceptive advertisements, demand permission to show notifications, and display deceptive pop-up windows and other intrusive content that should not be clicked. Many people have recently noticed that unwanted events are added to the Calendar appli
New File Converter is a rogue application, endorsed as a tool for quick access to file conversion services. In fact, it operates as a browser hijacker (i.e., modifies browsers to promote search.newfileconvertertab.com, a fake search engine). Additionally, it monitors users' browsing habits. Since
The TV Streaming Plus app supposedly provides quick access to various online TV and Movie streaming websites, however, it is categorized as a potentially unwanted application (PUA), a browser hijacker. TV Streaming Plus promotes tvstreamingplus.com (the address of a fake search engine) by changing
sawhitpew[.]site is one of many websites that redirect visitors to other rogue, potentially malicious site or load dubious content. More examples of websites similar to sawhitpew[.]site are betanews[.]me, fastnewstream[.]com and lifeimpressions[.]net. Typically, they are opened through other dubi
RunBooster is categorized as a potentially unwanted program (PUP) and adware ('malvertising' adware) that infiltrates systems without consent and causes pop-up redirects (ads). It might also record user-system information relating to Internet browsing activity. Following infiltration, RunBoo
streamoverlyquickprogram[.]com is a deceptive website running a fake Flash Player updater. It claims that Flash is outdated and advises users to update it. Note that bogus software updaters are commonly used to infiltrate untrusted software (e.g. Potentially Unwanted Applications - PUAs) and eve