Step-by-Step Malware Removal Instructions

Upgrade Mailbox Quota Email Scam
Phishing/Scam

After inspecting the "Upgrade Mailbox Quota" email, we determined that it is spam. By claiming that the recipient's email account requires immediate upgrades, this phishing email aims to trick them into disclosing their log-in credentials. The spam email with the subject "Disconnection Not

WalletConnect & Web3Inbox Airdrop Scam
Phishing/Scam

"WalletConnect & Web3Inbox Airdrop" is a scam. It is presented as an airdrop held by WalletConnect and Web3Inbox. The scheme is not associated with any legitimate services or other entities. This scam operates as a cryptocurrency drainer and steals the funds stored in victims' digital wall

Dedsec Ransomware
Ransomware

Dedsec is ransomware (discovered by S!Ri) designed to encrypt files and demand payment in return for their decryption. Additionally, Dedsec renames all affected files by appending the ".dedsec" extension, changes the desktop wallpaper, and displays a pop-up window with a ransom note. An example o

Santionrerm.co.in Ads
Notification Spam

While investigating suspicious websites, our researchers discovered the santionrerm.co[.]in rogue page. It operates by promoting browser notification spam. Additionally, this webpage can redirect visitors to other (likely dubious/malicious) sites. Users primarily access santionrerm.co[.]in and pag

CarcharhinusLeucas Malicious Extension
Adware

While reviewing dubious websites, our research team discovered an installer containing the CarcharhinusLeucas browser extension. This malicious software manages/modifies Google Chrome and Microsoft Edge browsers. Additionally, CarcharhinusLeucas has data-tracking abilities. It is noteworthy that

CashAid Project Email Scam
Phishing/Scam

Upon examining the email, we found that it is a typical example of a phishing email, attempting to deceive the recipient into providing personal information and/or sending funds. It claims that the recipient has been selected as a beneficiary for a certain amount of money. Such emails should be ig

Kasseika Ransomware
Ransomware

Kasseika is a ransomware-type program. It operates by encrypting data in order to demand payment for the decryption. On our test machine, Kasseika encrypted files and altered their filenames. Original file titles were appended with an extension comprising a random character string. To elaborate,

Xeno RAT
Trojan

Xeno is a sophisticated Remote Access Trojan (RAT) that empowers operators (threat actors) to control computers remotely. It is written in the C# programming language and designed to operate seamlessly on Windows 10 and 11 operating systems. Victims should remove it from infected systems as soon as po

DefaultPositive Adware (Mac)
Mac Virus

After analysis, we concluded that DefaultPositive displays intrusive advertisements, placing it in the category of adware. Users often install such applications without a complete understanding of their full range of functionalities. It is recommended to avoid downloading and installing apps lik

Token Terminal's Airdrop Scam
Phishing/Scam

After inspecting the "Token Terminal's Airdrop", we determined that it is a scam. It imitates the Token Terminal platform running an airdrop, and a cryptocurrency-draining mechanism is jumpstarted once a victim exposes their account to this bogus giveaway. This scam masquerades as the Toke