Virus and Spyware Removal Guides, uninstall instructions

TrickMo Banking Trojan (Android)

What kind of malware is TrickMo?

The TrickMo banking Trojan, initially spotted in 2019, has resurfaced with enhanced features in 2023. The latest version uses JsonPacker for code concealment and introduces 45 commands, including screen content theft and overlay attacks for credential harvesting. Victims should remove this malware from infected Android devices immediately.

   
GrafGrafel Ransomware

What kind of malware is GrafGrafel?

While investigating new submissions to the VirusTotal website, our research team discovered the GrafGrafel malicious program. It is part of the Phobos ransomware family. Malware within this classification encrypts data and demands ransoms for its decryption.

After we executed a sample of GrafGrafel on our test machine, it encrypted files and altered their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".GrafGrafel" extension. To elaborate, a file initially named "1.jpg" appeared as "1.jpg.id[9ECFA84E-3511].[GrafGrafel@tutanota.com].GrafGrafel" following encryption.

After this process was completed, ransom notes were created/displayed in a pop-up ("info.hta") and text files ("info.txt"); the latter were dropped in encrypted directories and on the desktop. Judging from the messages therein, it is evident that GrafGrafel targets companies instead of home users. Additionally, it uses double extortion tactics.

   
IPS Pending Package Delivery Email Scam

What is "IPS Pending Package Delivery"?

Upon examination, it has become apparent that this is a phishing email disguised as a notification from IPS regarding a pending package delivery. The perpetrators behind this scheme have crafted the message with the intention of deceiving recipients into divulging sensitive personal information.

   
Nbp.app Malware (Mac)

What kind of software is Nbp.app?

Nbp.app is a piece of malicious software belonging to the Pirrit malware family. Upon inspection, we determined that it exhibits browser hijacker functionalities. Yet it is not unlikely that this software also has adware and data-tracking capabilities.

   
Grand Theft Auto (GTA) VI Crypto Giveaway Scam

What is "Grand Theft Auto (GTA) VI Crypto Giveaway"?

This is a crypto giveaway scam designed to deceive unsuspecting individuals seeking opportunities in the cryptocurrency area. Operating under the guise of generosity, scammers exploit the allure of free digital assets to steal cryptocurrency. Users must exercise caution and verify the legitimacy of such offers to safeguard themselves from falling victim to scams.

   
Nbwr Ransomware

What kind of malware is Nbwr?

Nbwr is ransomware belonging to the Djvu family that we have discovered while inspecting malware samples submitted to the VirusTotal platform. Our examination has revealed that Nbwr encrypts data, modifies filenames by appending the ".nbwr" extension, and generates a text file ("_readme.txt") containing a ransom note.

An example of how Nbwr renames files: it changes "1.jpg" to "1.jpg.nbwr", "2.png" to "2.png.nbwr", etc. An important detail about Djvu ransomware is that it is commonly distributed with information stealers (e.g., RedLine or Vidar).

   
Nbzi Ransomware

What kind of malware is Nbzi?

Based on our scrutiny of malware samples submitted to VirusTotal, it has been determined that Nbzi is ransomware belonging to the Djvu family. Nbzi encrypts the victim's files and changes their filenames (appends the ".nbzi" extension). Also, Nbzi creates the "_readme.txt" file containing a ransom note.

An example of how files encrypted by Nbzi are renamed: "1.jpg" is changed to "1.jpg.nbzi", "2.png" is renamed to "2.png.nbzi", and so forth. Since Nbzi is part of the Djvu family, there is a chance that threat actors use information stealers like Vidar or RedLine to harvest data before encrypting files.

   
OpticalSkill Adware (Mac)

What kind of application is OpticalSkill?

Upon inspection, we determined that OpticalSkill is adware. This questionable application displays annoying advertisements. Also, OpticalSkill may harvest various information. The methods developers of such apps use for their distribution also raise concerns. Thus, it is recommended to avoid installing OpticalSkill.

   
Comprobante De Transferencia Bancaria Email Virus

What kind of email is "Comprobante de Transferencia Bancaria"?

After examining the "Comprobante de Transferencia Bancaria" email, we determined that it is malspam. This spam letter is presented as a notification regarding a bank transfer. However, the link that supposedly leads to the transaction receipt downloads a malicious installation setup instead.

   
PolianthesTuberosa Malicious Extension

What kind of application is PolianthesTuberosa?

After careful examination, it has been determined that PolianthesTuberosa is an untrustworthy application capable of causing various harms to users. PolianthesTuberosa can access diverse data, control extensions and themes, and enable the "Managed by your organization" feature (in Chrome and Edge browsers).

   
