Step-by-Step Malware Removal Instructions

Fake Multichain Website Scam
Phishing/Scam

While investigating suspect websites, our researchers discovered this fake "Multichain" page (arbiusclaim.pages[.]dev; potentially, other domains). This webpage impersonates the official Multichain website (multichain.org). The scam aims to deceive users into exposing their digital wallets to a cr

Webmail Server Email Scam
Phishing/Scam

After reviewing this "Webmail Server" email, we learned that it is spam. This fake suspicious sign-in alert aims to trick recipients into visiting a phishing website that targets email account log-in credentials. It must be stressed that this message is not associated with any legitimate service p

Order Placement Email Virus
Phishing/Scam

Our inspection of the "Order Placement" email revealed that it is malspam. This message lures recipients into opening a malicious attachment by presenting it as an order placement. The goal of this campaign is to infect recipients' devices with malware. The spam email with the subject "Ref

Data From All Your Devices Is Copied To My Servers Email Scam
Phishing/Scam

After reading this "Data From All Your Devices Is Copied To My Servers" email, we determined that it is a sextortion scam. This spam message claims that the recipient's devices were infected, and the malware was used to record a sexually explicit video of them. If the recipient refuses to meet the

Whiventatism.com Ads
Notification Spam

Whiventatism[.]com is a rogue webpage discovered by our researchers during a routine inspection of suspicious sites. This page promotes browser notification spam and generates redirects to different (likely unreliable/dangerous) websites. The majority of visitors to whiventatism[.]com and similar

Chmicutuding.com Ads
Notification Spam

Our research team found the chmicutuding[.]com rogue page while browsing dubious websites. Upon examination, we determined that this webpage endorses browser notification spam and redirects users to other (likely untrustworthy/malicious) sites. Most visitors to chmicutuding[.]com and similar pages

Cloud - Your Payment Method Has Expired Email Scam
Phishing/Scam

Our inspection of the "Cloud - Your Payment Method Has Expired" email revealed that it is spam. This is a phishing email targeting recipients' financial information by claiming that they have run out of Cloud storage and recommending an upgrade. The spam email with the subject "Cloud Stora

PylangGhost RAT
Trojan

PylangGhost is a Remote Access Trojan (RAT) written in the Python programming language. This program enables remote access and control over infected devices. The trojan can cause chain infections and steal sensitive information. PylangGhost is used exclusively by Famous Chollima (also known as Wa

KimJongRAT Stealer
Trojan

KimJongRAT is malicious software designed to secretly infiltrate computers, steal sensitive data, and allow attackers to control them remotely. It has at least two variants: one built and executed using PowerShell and the other using a Portable Executable (PE) file. The malware collects browser da

Basta (Makop) Ransomware
Ransomware

Basta is ransomware that our team has discovered during analysis of malware samples uploaded to VirusTotal. Basta encrypts files and appends the victim's ID, an email address, and the ".basta" extension to files. For example, it renames "1.jpg" to "1.jpg.[2AF20FA3].[basta2025@onionmail.com].basta"