The CryCryptor Ransomware is a file-locking Trojan for Android devices. The CryCryptor Ransomware holds various media formats of files hostage by encrypting them and creates text messages with e-mail-based ransom negotiating recommendations. Users can recover with backups or free decryption options while allowing their anti-malware tools to identify and uninstall the CryCryptor Ransomware. File-locking Trojans are becoming all the rage with Android systems, just as they already dominate...

The XORDDoS Botnet is a newly discovered botnet that appears to share similarities with the infamous Kaiji Botnet family. However, some of the features seen in XORDDoS are different, and it also appears to pay special attention to vulnerable Docker servers when looking for victims. The purpose of the botnet is to execute Distributed-Denial-of-Service (DDoS) attacks by harvesting all infected hosts' network and hardware resources and using them to overload a targeted Web server. DDoS attacks...

The Gomer Ransomware is a newly discovered file-encryption Trojan whose creators are spreading it online already. They rely on multiple techniques to reach as many victims as possible – spam emails, torrents, fake downloads and more. Victims of the Gomer Ransomware are likely to experience huge data loss because of this threat's ability to encrypt the contents of file formats permanently – documents, images, archives, videos and others. Whenever the Gomer Ransomware encrypts a file, it will...

The Track Package Tab is a browser add-on whose presence on your computer is undesired because of the changes it may bring to your Web browser's behavior. The Track Package Tab claims to be a useful and handy package-tracking utility that can be accessed through your Web browser. However, we assure you that there are plenty of free online services that fulfill the same purpose without asking you to install 3rd-party software. Apart from not offering anything unique, there is another reason...

SearchMainInfo is a browser-hijacking application that is only compatible with Mac devices – this means that Windows users should not worry about it. The good news is that SearchMainInfo is not a threat to your Mac's safety, and having it on your computer is not a significant problem. However, SearchMainInfo's presence is usually linked to undesired changes to your Web browser's configuration – this happens because SearchMainInfo creates a new device profile to force specific settings into...

Mac computers are known to be very secure, and they are the target of high-profile malware rarely. However, this does not mean that owners of Mac computers should underestimate the importance of security features. There are plenty of low-level intrusive applications such as adware and browser hijackers that have no trouble working on Macs. One of the recent inclusions to the list of browser hijackers compatible with Mac is the LookWebResults – as soon as it is installed, it may modify the...

Palo APP is a dodgy browser extension that is compatible with popular Web browsers like Google Chrome and Mozilla Firefox. Users who end up installing it may see undesired changes to their Web browser's settings - Palo APP is known to replace the default new tab the browser uses with Gooogle.page. Needless to say, Gooogle.page has nothing to do with Google, and its administrators have adopted this name to trick users into thinking that the page is legitimate. The good news is that...

Withoughzp.club is a fraudulent page that relies on bogus messages and misleading instructions to trick visitors into allowing the website to use their browser's notifications feature. This change sounds very minimal, but you can rest assured that the behavior of the Withoughzp.club notifications will be highly noticeable – they will appear every few minutes. Their contents may often contain fake virus alerts, warnings, tactics and other shady content. It is not uncommon for such...

Havilizedkj.club is a fake website that tries to trick you into subscribing to its notifications by telling you to click 'Allow' to play a video or to pass a robot check. Regardless of what Havilizedkj.club promises you, you can rest assured that you should not click 'Allow' because you will not get anything of value in return. Clicking this button does only one thing – it subscribes you to Havilizedkj.club's push notifications, and drastically reduces the quality of your Web browsing...

The Mist Stealer is a tool that is being sold on hacking forums currently. Its author claims that it is an update to an outdated stealer software that was old, which also is sold publicly – they claim that the new version is better at evading anti-virus software and it supports most infostealing features that would allow the attacker to snatch even more sensitive data. Overall, the project does not appear to be very sophisticated, and this is why it is being sold at a relatively low price,...

Vikro Stealer is an advanced piece of malware that is being sold on Russian-speaking forums. The threat is able to exfiltrate various data types from infected hosts, and it can be used for long-term attacks thanks to its ability to steal files from infected systems. Needless to say, Vikro Stealer has huge capabilities, and it is not a threat that should be underestimated. Another reason to be afraid by the Vikro Stealer is that it can be used by anyone – the original author of the project is...

Decamefuy.club is a shady page designed to hijack your browser's push notifications, and then use this feature to spam you with affiliate links, advertisements for Potentially Unwanted Programs (PUPs,) and other irrelevant content. Since these advertisements appear as browser notifications, they cannot be stopped via an ad blocker, and they will appear on all websites you use. In some cases, the push notifications of Decamefuy.club may work while the browser is closed, therefore allowing them...

Subscribing to the push notifications of unknown websites might sound like a minor annoyance, but you can rest assured that there are plenty of pages that will abuse this subscription to boost their ad revenue drastically. One of these pages is Privatedeq.club – it is known to serve a large number of browser notifications, and their contents often may be unreliable or straight-up fake. Of course, people would not grant a random page the ability to display browser notifications, so...

Web browser notifications are a great feature when you allow trustworthy websites to use it. However, there are plenty of shady sites that want to exploit this feature to serve advertisements - Determinalu.club is just one of them. Users who see this page's prompts may be asked to click 'Allow,' and they will find it difficult to leave the page – as soon as they try to get away, they might be presented with more prompts asking them to click 'Allow.' The page may try to mask its intentions by...

Althoutujym.club is a page whose pop-ups try to convince you to click 'Allow.' The page might try to trick you into thinking that you must complete this step to continue browsing or unlock a piece of media – however, the only thing that clicking the 'Allow' button changes is to subscribe the users to the notifications of Althoutujym.club. This change is not unsafe, but your Web browsing sessions will become very unenjoyable because of the sheer number of Althoutujym.club notifications you...

Email tactics are still helping online con artists make money out of innocent users, so you should try to familiarize yourself with some of the more common tricks that such tactics rely on. One of the most recent schemes of this sort is the 'You may not know me, and you are most likely wondering why you're getting this mail' email scam – it tells the recipients that the attackers have obtained a video of them while they were browsing an adult site, and the content will be sent out to all...

Online con artists experiment with new ways to trick regular user regularly, and one of the latest trends in their campaigns are the so-called sextortion tactics. The fraudsters tell their victims that they have obtained a pornographic video or image of them and threaten to send it to their family, friends, and co-workers unless they agree to pay a ransom fee. One of the latest variants of this fraudulent scheme is referred to as the 'I am a hacker, and I have access to your operating system'...

The Deal_for_access Ransomware is a file-locking Trojan that can keep documents and similar media on your PC from opening. Its attacks include a ransom note that extorts money for an unlocker service that the attacker may or may not provide. Users should avoid paying, if possible, and restore their work through a backup after removing the Deal_for_access Ransomware through dedicated anti-malware tools. As much has file-locking Trojans are a thoroughly-polished industry of...

Discord, one of the most popular services for gamers, has become an attractive target for cybercriminals due to some flaws in the software's design. One of the first hacking tools to exploit Discord is called the AnarchyGrabber, and it was used by a long list of cybercriminals to obtain data saved by the Discord client. Since then, cybersecurity researchers have identified dozens of infostealers that mimic the AnarchyGrabber's behavior, and today a brand new name has been added to the list –...

ProstoClipper is a threatening application that has a name very similar to ProstoStealer, but these two threats are not identical. Both of them appear to be the product of Russian-speaking malware developers, and they are being advertised on hacking forums actively – other hackers can purchase the right to use ProstoClipper by choosing one of the payment plans that the original author offers. Commodity malware like ProstoClipper is considered to be a major threat to users worldwide, because...