Step-by-Step Malware Removal Instructions

EFT Debit Release Email Scam
Phishing/Scam

EFT Debit Release Email Scam

After inspecting this "EFT Debit Release" email, we determined that it is spam. This message concerns an EFT (Electronic Funds Transfer) debit payment that will be released today. The goal of this campaign is to trick recipients into entering their account log-in credentials to a phishing file.

Shamos Stealer (Mac)
Mac Virus

Shamos Stealer (Mac)

Shamos is a variant of the AMOS (Atomic) stealer. This malicious program targets macOS devices and seeks to steal sensitive data. Shamos has been around since at least the summer of 2025. It was developed and is offered as MaaS (Malware-as-a-Service) by a threat actor group dubbed "COOKIE SPIDER

Your Account Security Settings May Need Attention Email Scam
Phishing/Scam

Your Account Security Settings May Need Attention Email Scam

Our investigation revealed that this is a phishing email disguised as a security alert from an online service provider. It includes a link to a fraudulent website aimed at stealing personal information from recipients. Whoever receives this email should disregard the message to prevent account com

Email Account Failure Notice Scam
Phishing/Scam

Email Account Failure Notice Scam

Our analysis has shown that it is a phishing email posing as a security notification from an email service provider. The scam email contains a link to a fake site designed to extract personal information from unsuspecting recipients. It should be ignored to avoid account hijacking and other potent

Antivirus By FSB Malware (Android)
Trojan

Antivirus By FSB Malware (Android)

Antivirus by FSB is an advanced backdoor that compromises Android devices. Threat actors have deployed it in campaigns targeting Russian business representatives. Its functionality includes the execution of various malicious commands. If detected on a device, the malware should be removed immediat

Kelpmetoreali.com Ads
Notification Spam

Kelpmetoreali.com Ads

Kelpmetoreali[.]com is a rogue webpage discovered by our research team during a routine investigation of suspicious sites. After examining this page, we determined that it promotes dubious content and browser notification spam. It can also redirect users to other (likely unreliable/malicious) webs

Jpadsnow.com Ads
Notification Spam

Jpadsnow.com Ads

While investigating untrustworthy sites, our researchers discovered the jpadsnow[.]com rogue webpage. It operates by endorsing browser notification spam and generates redirects to different (likely unreliable/hazardous) websites. Jpadsnow[.]com and similar pages are primarily accessed through redi

Knobd.com Ads
Notification Spam

Knobd.com Ads

We have examined knobd[.]com and concluded that its purpose is to deceive visitors into taking actions allowing the site to show notifications. Once permitted, knobd[.]com can display annoying and often misleading notifications. Clicking the links in such notifications can expose users to privacy

KillBack Ransomware
Ransomware

KillBack Ransomware

KillBack is ransomware that our team discovered while examining samples submitted to VirusTotal. Upon execution, KillBack encrypts data, appends the victim's ID and ".killback" extension to files, and creates a ransom note ("README.TXT"). An example of how the malware modifies filenames: It chang

Brian Airdrop Scam
Phishing/Scam

Brian Airdrop Scam

Our research team found this fake "Brian" airdrop while browsing suspicious sites. Upon examination, we learned that this scam operates as a cryptocurrency drainer. Essentially, it aims to steal digital assets from exposed cryptocurrency wallets. It must be stressed that this bogus airdrop is not