DataBankasi is a piece of malicious software categorized as ransomware. It is designed to encrypt data and demand ransoms for decryption. After we executed a sample of DataBankasi on our test system, this ransomware encrypted files and appended their filenames with a ".databankasi" extension. For
Spartan Hack is the name of ransomware based on another ransomware called Chaos. We discovered it while examining malware samples submitted to the VirusTotal website. The purpose of Spartan Hack is to encrypt files (to make them inaccessible for victims). Also, Spartan Hack renames files, changes
ExplorerIndex is an advertising-supported application. The purpose of this application is to generate intrusive advertisements. Usually, adware is promoted and distributed using deceptive methods. We discovered ExplorerIndex while inspecting deceptive websites suggesting that the Adobe Flash Pla
"Windows Defender email scam" refers to spam emails disguised as messages regarding a contract renewal for "Windows Defender". It must be emphasized that these letters are fake and in no way associated with the Microsoft Defender Antivirus (formerly named Windows Defender) or its developers - the
RokRAT is the name of a Remote Administration Trojan (RAT). Cybercriminals use RATs to access infected computers remotely and perform malicious tasks. RATs allow them to achieve almost any objective on the infected system. Usually, RATs are used to drop additional payloads (inject other malware) o
888 (also known as LodaRAT and Gaza007) is a Remote Access Trojan (RAT) targeting Android operating systems. Trojans of this type enable remote access/control over infected devices. Initially, the 888 RAT's developers offered this piece of malicious software for sale as Windows OS (Operating Syst
After inspecting carefully-to-remind[.]xyz, we concluded that it is one of the deceptive websites running the "McAfee - Your PC is infected with 5 viruses!" scam. Creators of this page aim to trick visitors into believing that their computers are infected and purchasing antivirus software. Also, c
Iq20 is ransomware that belongs to the Dharma ransomware family. It encrypts files and appends the victim's ID, iq200@tutanota.com email address, and ".iq20" extension to filenames. It also shows a pop-up window and creates the "info.txt" file containing ransom notes. We discovered Iq20 while chec
Diamond is ransomware - malware that encrypts files to make them inaccessible until a decryption tool purchased from the attackers is used for their decryption. Also, Diamond ransomware replaces the names of encrypted files with random characters and appends the ".diamond" extension to filenames.
While checking out suspicious websites, our researchers discovered the protection-availability[.]xyz rogue page. It runs scams, promotes spam browser notifications, and redirects visitors to different (likely unreliable/hazardous) webpages. Sites like protection-availability[.]xyz are typically ac