Virus and Spyware Removal Guides, uninstall instructions

Shapes Tab Browser Hijacker

What kind of software is Shapes Tab?

Shapes Tab is a rogue browser extension that we discovered while inspecting suspect webpages. It is presented as a tool that displays browser wallpapers. After analyzing this extension, we determined that it is browser-hijacking software. Shapes Tab alters browser settings in order to promote the illegitimate search engine find.cf-csrc.com.

   
Car Tab Browser Hijacker

What kind of software is Car Tab?

While investigating dubious websites, our researchers discovered the Car Tab browser extension. It is promoted as a tool that displays automobile-themed wallpapers. However, our analysis revealed that Car Tab is a browser hijacker. It changes browser settings and promotes (via redirects) the fake search engine find.mmysearchup.com.

   
TurkoRat Malware

What kind of malware is TurkoRat?

TurkoRat is the name of a malicious program classed as a stealer. This malware aims to steal sensitive information from infected machines. TurkoRat was observed being distributed in several malicious packages via the npm package repository.

   
AhRat Malware (Android)

What kind of malware is AhRat?

AhRat is a Remote Access Trojan (RAT) that focuses on infiltrating Android devices. Its distribution occurred through a trojanized screen recording application, which was disguised and offered for download on the Google Play store.

The original version of the app that was uploaded to the store did not possess any malicious characteristics, but later on, threat actors manipulated its functionality and introduced malicious components into the app.

   
Ilitonline.com Ads

What kind of page is ilitonline[.]com?

While investigating suspicious websites, our research team discovered the rogue webpage ilitonline[.]com. It is designed to promote browser notification spam and redirect users to other (likely dubious/malicious) websites. Users primarily access pages like ilitonline[.]com via redirects caused by sites employing rogue advertising networks.

   
Editortrip.com Ads

What kind of page is editortrip[.]com?

Editortrip[.]com is a rogue page that our research team discovered while inspecting questionable websites. It operates by promoting browser notification spam and redirecting visitors to other (likely untrustworthy/hazardous) sites. Most users enter webpages like editortrip[.]com via redirects generated by sites using rogue advertising networks.

   
Mediatesupervis.com Ads

What kind of page is mediatesupervis[.]com?

After analyzing mediatesupervis[.]com, we discovered that the page employs a deceitful tactic to entice visitors into granting permission for notifications. We also observed that mediatesupervis[.]com redirects users to other questionable websites. As a result, it is strongly recommended to refrain from visiting mediatesupervis[.]com or any sites accessed through it.

   
Your Account Is Successfully Debited POP-UP Scam

What kind of scam is "Your Account Is Successfully Debited"?

Our analysis of this page revealed that it presents a fabricated system scan and employs deceptive tactics to coerce users into contacting a fraudulent technical support number. These scams, known as pop-up scams, often masquerade as legitimate websites and are utilized by scammers to engage in malicious activities.

   
OBSIDIAN ORB Ransomware

What kind of malware is OBSIDIAN ORB?

While reviewing new submissions to VirusTotal, our researchers discovered yet another malicious program based on the Chaos ransomware – called OBSIDIAN ORB. Malware within this classification is designed to encrypt data and demand ransoms for its decryption.

On our testing system, OBSIDIAN ORB ransomware encrypted files and appended an extension consisting of four random characters to their filenames. For example, a file initially titled "1.jpg" appeared as "1.jpg.q3uk". Afterwards, OBSIDIAN ORB changed the desktop wallpaper and created a ransom note named "read_It.txt".

   
Guerilla Malware (Android)

What kind of malware is Guerilla?

Guerilla is the name of a malware program that targets Android devices. Previous iterations of this malicious software operated predominantly as adware. Specifically, the program functioned by stealthily clicking advertisements, thus generating revenue for its developers via affiliate programs and similar mechanisms.

However, in the latest activity, Guerilla expanded to encompass stealer and backdoor/loader capabilities. The most alarming facet of this new activity is that this malware arrives pre-installed on Android devices.

At the time of writing, the exact distribution chain of the infected devices is uncertain. The number of compromised machines could exceed nine million and range from Android smartphones to smartwatches. The activity is global, with the most affected countries including the USA, Mexico, Indonesia, Thailand, and Russia.

Evidence links Guerilla malware with a threat actor dubbed Lemon Group (currently rebranded as "Durian Cloud SMS"). This group is connected to a variety of businesses relating to advertising and marketing.

   
