Step-by-Step Malware Removal Instructions

Final Release Waiver Email Scam
Phishing/Scam

After carefully examining this email, our investigation revealed that it is a phishing attempt orchestrated by scammers seeking to obtain personal information from unsuspecting recipients. The email includes a deceptive attachment that leads to a fraudulent website, intending to trick users into d

WyrmSpy Malware (Android)
Trojan

WyrmSpy is a piece of malicious software classed as spyware. This Android-targeting malware has been used since at least 2017 to carry out cyber-espionage motivated attacks. WyrmSpy is linked to APT41 (aka BARIUM, Double Dragon, and Winnti) – a group backed by the Chinese state. Expanding their o

DragonEgg Malware (Android)
Trojan

DragonEgg is the name of a spyware-type malware that targets Android operating systems. The malicious program relies on various downloaded modules to carry out surveillance operations. This malware has been around since as early as January 2021. DragonEgg is associated with the Chinese state-back

BundleBot Malware
Trojan

BundleBot is malware that operates covertly, flying under the radar, and primarily targets systems using the dotnet bundle (single-file) self-contained format. BundleBot is a sophisticated stealer and bot that poses a significant threat to the security and privacy of affected systems. Victims shou

Choalauysurvey.top Ads
Notification Spam

Our research team discovered the choalauysurvey[.]top rogue page while inspecting dubious websites. It operates by promoting browser notification spam and by redirecting visitors to other (likely unreliable/dangerous) sites. Users typically enter pages like choalauysurvey[.]top via redirects cause

Elevate Tab Browser Hijacker
Browser Hijacker

While examining the Elevate Tab browser extension, our team noticed that it makes certain changes in the settings of a web browser. Elevate Tab modifies those settings to promote a fake search engine search.elevatetab.com. Apps that exhibit such behavior are known as browser hijackers. Ele

2QZ3 Ransomware
Ransomware

Our research team found the 2QZ3 ransomware while investigating new submissions to the VirusTotal website. This malicious program is part of the Phobos ransomware family. 2QZ3 is designed to encrypt data and demand payment for its decryption. On our test machine, the encrypted files were renamed

Khronos Ransomware
Ransomware

While checking the VirusTotal page for recently submitted samples, our team discovered Khronos - ransomware that encrypts files. Also, Khronos renames files by appending the ".khronos" extension. For instance, it renames "1.jpg" to "1.jpg.khronos", "2.png" to "2.png.khronos", and so forth. After t

Blockchain.com - Your Account Is Locked Email Scam
Phishing/Scam

After analyzing this email, our team identified it as a crypto-related phishing attempt. The scammers masquerade as the blockchain[.]com team and aim to deceive recipients into divulging sensitive information on a phishing website. Recipients should remain cautious and avoid falling victim to such

KiRa (GreatKiRa) Ransomware
Ransomware

KiRa is ransomware that our team discovered while analyzing malware samples submitted to the VirusTotal page. KiRa encrypts data, appends a random extension consisting of four characters to filenames, changes the desktop wallpaper, and drops a text file containing a ransom note ("read it!!.txt").