Virus and Spyware Removal Guides, uninstall instructions

HotRat Malware

What kind of malware is HotRat?

HotRat is a robust Remote Access Trojan (RAT) based on the open-source AsyncRAT implementation. This malicious software empowers cybercriminals to steal sensitive data, inject additional malware, and perform other illicit activities. HotRat is typically distributed through unauthorized software downloads.

   
Kizu Ransomware

What kind of malware is Kizu?

Kizu is a ransomware variant that carries out file encryption and adds the ".kizu" extension to the filenames of all affected files. It also generates a ransom note titled "_readme.txt", which provides contact and payment instructions to the victim. Kizu is a member of the Djvu ransomware family and can potentially be distributed together with other malware such as RedLine, Vidar, or similar information stealers.

Our malware researchers came across Kizu while analyzing samples submitted to the VirusTotal platform. An example of how Kizu renames files: it changes "1.jpg" to "1.jpg.kizu", "2.png" to "2.png.kizu", and so forth.

   
Kiqu Ransomware

What kind of malware is Kiqu?

During our examination of malware samples submitted to the VirusTotal website, we identified a ransomware variant referred to as Kiqu. This ransomware encrypts files and modifies their filenames by appending the ".kiqu" extension. Also, Kiqu generates a text file ("_readme.txt") which contains a ransom note.

An example of how Kiqu changes filenames: it renames "1.jpg" to "1.jpg.kiqu", "2.png" to "2.png.kiqu", and so forth. An important point to mention is that Kiqu belongs to the Djvu ransomware family. Pretty often, threat actors distribute Djvu ransomware with RedLine or Vidar information stealers.

   
ConfigInput Adware (Mac)

What kind of application is ConfigInput?

Our research team found the ConfigInput app while inspecting new submissions to the VirusTotal website. After examining this application, we determined that it is advertising-supported software (adware) belonging to the AdLoad malware family. ConfigInput is designed to generate revenue for its developers by feeding users with advertisements.

   
Mail Account Deactivation Notice Email Scam

What kind of email is "Mail Account Deactivation Notice"?

After inspecting the "Mail Account Deactivation Notice" letter, we determined that it is a phishing email. This mail states that the recipient's account will be deactivated and that, to prevent this, an authentication process using the email password is necessary. However, all these claims are fake and merely used to trick users into exposing their email accounts.

   
Search-content.com Redirect

What kind of website is search-content.com?

Search-content.com is the address of a fake search engine. Our researchers discovered this site while investigating deceptive webpages. From one such page, an installer containing the Apps browser hijacker was downloaded. This rogue browser extension promoted (via redirects) search-content.com. However, this website could be endorsed by other browser-hijacking software as well.

   
Final Release Waiver Email Scam

What is "Final Release Waiver"?

After carefully examining this email, our investigation revealed that it is a phishing attempt orchestrated by scammers seeking to obtain personal information from unsuspecting recipients. The email includes a deceptive attachment that leads to a fraudulent website, intending to trick users into divulging sensitive data.

   
WyrmSpy Malware (Android)

What kind of malware is WyrmSpy?

WyrmSpy is a piece of malicious software classed as spyware. This Android-targeting malware has been used since at least 2017 to carry out cyber-espionage motivated attacks.

WyrmSpy is linked to APT41 (aka BARIUM, Double Dragon, and Winnti) – a group backed by the Chinese state. Expanding their operations to mobile devices is a relatively new development for APT41. This threat actor has been active worldwide, with notable targets in the United States, Australia, Japan, India, Singapore, South Korea, and Taiwan.

APT41 has attacked hundreds of public and private organizations in sectors like education, telecommunication, computer hardware manufacturing, software and video game development, and social media. There have even been attacks leveraged against foreign governments and individuals supporting/campaigning for democracy in Hong Kong.

   
DragonEgg Malware (Android)

What kind of malware is DragonEgg?

DragonEgg is the name of a spyware-type malware that targets Android operating systems. The malicious program relies on various downloaded modules to carry out surveillance operations. This malware has been around since as early as January 2021.

DragonEgg is associated with the Chinese state-backed cyber-espionage group APT41 (aka BARIUM, Double Dragon, and Winnti). Targeting mobile devices is a relatively new development for APT41.

Known APT41 attacks have been motivated both by geopolitics and financial gain. This group's activities are worldwide, with common targets located in Australia, Japan, India, Singapore, South Korea, Taiwan, and the United States.

The malware campaigns were leveraged against hundreds of public and private entities, including (but not limited to): governmental bodies, pro-democratic Hong Kong activists, universities, computer hardware manufacturers, software developers, telecommunication service providers, social media platforms, and video game companies.

   
BundleBot Malware

What kind of malware is BundleBot?

BundleBot is malware that operates covertly, flying under the radar, and primarily targets systems using the dotnet bundle (single-file) self-contained format. BundleBot is a sophisticated stealer and bot that poses a significant threat to the security and privacy of affected systems. Victims should remove this malware from their computers as soon as possible.

   

About PCrisk

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers.
