Step-by-Step Malware Removal Instructions

Pi Network Airdrop Scam
Phishing/Scam

Pi Network Airdrop Scam

While investigating suspicious sites, our researchers discovered this fake "Pi Network Airdrop". It is a phishing scam targeting cryptocurrency wallet log-in credentials; victims are lured into exposing this information by the promise of an airdrop. It must be emphasized that this scam is not asso

KaWaLocker Ransomware
Ransomware

KaWaLocker Ransomware

Our researchers discovered the KaWaLocker ransomware while reviewing new malware submissions to the VirusTotal website. Malicious software within this category is designed to encrypt data and demand ransoms for the decryption. On our test machine, KaWaLocker encrypted files and added an extension

SparkKitty Malware (Android)
Trojan

SparkKitty Malware (Android)

SparkKitty is a spyware named so for its similarities with the SparkCat malware. Evidence such as some variants of SparkKitty being built using the same framework as SparkCat, having the same functionality, and sharing a similar targeting pattern suggest a connection between these programs. There

Coinbase Transition To Self-Custodial Wallets Email Scam
Phishing/Scam

Coinbase Transition To Self-Custodial Wallets Email Scam

We have inspected the email and found that it promotes a fraudulent scheme. This scam email is disguised as a notification from Coinbase regarding wallet transitions. Its purpose is to lure unsuspecting recipients into taking actions that could result in the theft of their cryptocurrency. This ema

HyperSwap ($SWAP) Airdrop Scam
Phishing/Scam

HyperSwap ($SWAP) Airdrop Scam

We have inspected the page (dapp-hyperswap[.]network) and found that it is a copy of the original HyperSwap site (hyperswap.exchange). The fake website promotes a fake airdrop to trick users into taking actions that allow scammers to steal their cryptocurrency. Such pages should be identified as s

Stylemeshconnect.com Ads
Notification Spam

Stylemeshconnect.com Ads

We have examined stylemeshconnect[.]com and concluded that the purpose of this page is to promote the "You've visited illegal infected website" scam and obtain permission to show notifications. If allowed, stylemeshconnect[.]com can send deceptive notifications to promote more scams and other onli

UraLocker Ransomware
Ransomware

UraLocker Ransomware

UraLocker is ransomware that we discovered during our routine inspection of samples uploaded to VirusTotal. Upon execution, UraLocker encrypts files and appends its extension (".rdplocked"). For example, it renames "1.jpg" to "1.jpg.rdplocked" and "2.png" to "2.png.rdplocked". UraLocker also chang

Trump Coin Airdrop Scam
Phishing/Scam

Trump Coin Airdrop Scam

Our analysis has shown that it is a deceptive web page promoting a fake airdrop (cryptocurrency giveaway). The scammers behind this site aim to trick users into connecting their wallets, which allows them to steal cryptocurrency. Such sites should be closed if ever encountered to avoid monetary lo

Fake Rabby Wallet Website Scam
Phishing/Scam

Fake Rabby Wallet Website Scam

Our analysis indicates that this is a fraudulent website (rabbywallet[.]io) mimicking the official Rabby Wallet site. Its purpose is to deceive users into disclosing personal information, enabling scammers to steal their digital assets. To prevent financial loss, users should immediately close suc

We Have Your Search Requests And Webcam Footage Email Scam
Phishing/Scam

We Have Your Search Requests And Webcam Footage Email Scam

After reading this "We Have Your Search Requests And Webcam Footage" email, we determined that it is a sextortion scam. This spam message claims that Russian hacker affiliates have obtained the recipient's information and recorded a sexually explicit video of them. If the recipient does not meet