Discovered by Michael Gillespie, Berosuce is yet another ransomware infection from the Djvu family. As with other malware from this family, Berosuce encrypts most data stored on the system. It also appends filenames with the ".berosuce" extension (e.g., "sample.jpg" is renamed to "sample.jpg.beros
gloyah[.]net is related to adf.ly, a legitimate website that provides a URL-shortening service. The users of this service are paid for shortening URLs and promoting them, since each visitor is presented with a five-second advertisement before the target (website) is reached. Note that gloyah[.]net
Identical to Spotlight.app, Spaces (also known as Spaces.app) is a rogue adware-type application that promotes the searchbaron.com fake search engine. This application monitors web browsing activity and redirects users to searchbaron.com when they enter a search query. Spaces usually infiltrates
Belonging to the Phobos ransomware family, Actor is high-risk malware discovered by GrujaRS. After successful infiltration, Actor encrypts most stored files and appends filenames with the ".actor" extension, the developer's email address, and the victim's unique ID. For example, "1.jpg" might be
Discovered by GrujaRS, Acton is a new version of high-risk ransomware called Phobos. This malware is designed to stealthily infiltrate computers and encrypt most stored data. In doing so, Acton appends each filename with the victim's unique ID, developer's email address, and ".Acton" extension. F
Herad is yet another ransomware-type infection that belongs to the Djvu family. As with most Djvu variants, Herad was first discovered by Michael Gillespie. After successful infiltration, Herad encrypts most stored files and appends each filename with the ".herad" extension (hence the ransomware
central-messages[.]com is a rogue website designed to feed users with dubious content and redirect them to other untrustworthy sites. It is virtually identical to news-easy.com, forryortitwas.info, chanelets-aurning.com, and many others. Research shows that users typically visit central-messages[
"Transfast Email Virus" is yet another spam email campaign used to spread the Ave Maria trojan. Cyber criminals send hundreds of thousands of deceptive emails encouraging recipients to open an attached "payment slip". In fact, the file is malicious, and opening it leads to a malware infection.
advancemactools[.]live belongs to a network of websites that promote various potentially unwanted applications (PUAs) for Mac computers. Users typically visit sites such as advancemactools[.]live inadvertently, as they are redirected by intrusive advertisements (displayed on other rogue sites)
Discovered by Michael Gillespie, foSTE is high-risk ransomware that belongs to the GlobeImposter ransomware family. As with most ransomware infections, foSTE encrypts stored data, thereby rendering it unusable. Additionally, foSTE appends each filename with the ".foSTE" extension (hence its name).