Step-by-Step Malware Removal Instructions

Resile.app Adware (Mac)
Mac Virus

Resile.app Adware (Mac)

We have inspected Resile.app and discovered that this is an advertising-supported application flagged as malicious by multiple security vendors. An additional finding is that Resile.app belongs to the Pirrit family. Users should avoid installing this app as it can expose them to scams, privacy r

MARK (Makop) Ransomware
Ransomware

MARK (Makop) Ransomware

MARK is ransomware belonging to the Makop family. Our discovery of MARK occurred during an inspection of malware samples submitted to VirusTotal. We found that MARK encrypts files and appends its extension (along with the victim's ID and an email address) to them. For example, it renames "1.jpg"

HyperLend Vote Rewards Scam
Phishing/Scam

HyperLend Vote Rewards Scam

Our team has inspected the page (aiiocation-hyperlendx[.]com) and found that it is a copy of the original HyperLend website (hyperlend.finance). The fraudulent site is crafted to closely mimic the legitimate one, aiming to deceive users into taking actions that could result in significant financia

Your Document Has Been Held In A Queue Email Scam
Phishing/Scam

Your Document Has Been Held In A Queue Email Scam

"Your Document Has Been Held In A Queue" is a spam email. It informs the recipient of a file sent to them. The email attachment is a phishing file that records account credentials (passwords) entered into it. The spam email with the subject "Pending Notification: Admin is sharing a file wi

TuneFinder Adware
Adware

TuneFinder Adware

While inspecting suspicious websites, our researchers discovered the TuneFinder browser extension. It is promoted as an easy-access tool to song lyrics and related information (e.g., artist discographies, album details, etc.). After analyzing this extension, we determined that it is advertising-su

Keyguard-websecure.com Redirect
Browser Hijacker

Keyguard-websecure.com Redirect

We have tested keyguard-websecure.com and found that it is a fake search engine. Moreover, we discovered that it is promoted through a browser extension that operates as a browser hijacker. Therefore, users should avoid visiting keyguard-websecure.com and remove it from the settings of a web brows

$TURBO Airdrop Scam
Phishing/Scam

$TURBO Airdrop Scam

While investigating untrustworthy sites, our researchers discovered this fake "$TURBO" webpage (turbotoken[.]io; possibly others). Users who try to participate in this bogus airdrop expose their digital wallets to a cryptocurrency drainer. It must be emphasized that this scam is not associated wit

Quicknetshift.co.in Ads
Notification Spam

Quicknetshift.co.in Ads

Our researchers discovered quicknetshift.co[.]in while browsing suspect websites. After inspecting this rogue page, we determined that it promotes browser notification spam and redirects visitors to different (likely dubious/malicious) sites. Most users access quicknetshift.co[.]in and webpages ak

TransferLoader Malware
Trojan

TransferLoader Malware

TransferLoader is a malware loader that the attackers have used since at least February 2025. It consists of several components: a downloader, a backdoor, and a separate module designed to deploy the backdoor. Cybercriminals have been observed using TransferLoader to deploy ransomware. If detected

Retrorevivesearch.com Redirect
Browser Hijacker

Retrorevivesearch.com Redirect

Retrorevivesearch.com is a fake search engine our researchers discovered while analyzing the Retro Revive browser hijacker. This extension is supposedly designed to create a retro aesthetic for new browser tabs. Browser hijackers promote these webpages by modifying browser settings. It is notewort