Step-by-Step Malware Removal Instructions

SkilledRotator Adware (Mac)
Mac Virus

SkilledRotator Adware (Mac)

After conducting tests on the SkilledRotator application, our team has determined that it functions as adware. While it is installed, SkilledRotator generates unwanted advertisements and may be able to access sensitive information. Adware is frequently promoted and distributed using shady method

Speak Text Browser Hijacker
Browser Hijacker

Speak Text Browser Hijacker

During our analysis of Speak Text, we learned that it functions as a browser hijacker that promotes search.speak-text-tab.com, a fake search engine. Speak Text hijacks a web browser by modifying its settings. In addition, Speak Text can read various data. Thus, it is recommended to avoid adding th

Kiwm Ransomware
Ransomware

Kiwm Ransomware

Kiwm is a type of malware that is part of the Djvu ransomware family. We came across Kiwm during our analysis of malware samples submitted to VirusTotal. It works by encrypting files, adding the ".kiwm" extension to their names, and leaving a ransom note (the "_readme.txt" text file). An example

Kifr Ransomware
Ransomware

Kifr Ransomware

Kifr belongs to the Djvu family of ransomware and follows the pattern of encrypting files and appending the ".kifr" extension to their names. The ransomware also creates a "_readme.txt" file with instructions on how to pay the ransom. Our researchers discovered Kifr while analyzing malware samples

SkipAds for Youtube Adware
Adware

SkipAds for Youtube Adware

During our investigation of SkipAds for Youtube, we discovered that it presents intrusive advertisements, which led us to classify this browser extension as adware. Ironically, its name suggests that it blocks ads. It is important to note that users often unintentionally download and install adwar

Proton Ransomware
Ransomware

Proton Ransomware

Proton is ransomware that our team discovered on VirusTotal while checking the page for recently submitted malware samples. We found that Proton encrypts files, appends the kigatsu@tutanota.com email address, victim's ID, and, depending on the variant, ".Proton" or ".kigatsu" extension to filename

Rorschach Ransomware
Ransomware

Rorschach Ransomware

Rorschach (also known as BabLock) is ransomware that encrypts files. The attackers aim at small and medium-sized businesses as well as industrial companies. Along with encrypting data, Rorschach also adds a random string of characters and a two-digit number (ranging from 00 to 98) to the end of fi

Sports Engine Browser Hijacker
Browser Hijacker

Sports Engine Browser Hijacker

While examining the Sports Engine browser extension, we found that it hijacks a web browser by changing its settings. The purpose of this browser-hijacking app is to promote a fake search engine (sportengine.info). Additionally, Sports Engine can read certain data. Once added, the Sports E

Security Breach - Stolen Data Email Scam
Phishing/Scam

Security Breach - Stolen Data Email Scam

Upon scrutinizing this email, we have ascertained that it is a fraudulent extortion letter. This phishing campaign comprises of at least two versions of the letter, with the perpetrators employing the names of well-known cybercriminals to intimidate and lend credibility to their threats. T

Messages Are Restrained Due To Low Bandwidth Email Scam
Phishing/Scam

Messages Are Restrained Due To Low Bandwidth Email Scam

After reviewing this email, we determined that it is a phishing letter masquerading as a notification from an email service regarding mail delivery status. There are at least two variants of this letter in the phishing campaign. Scammers use both of them to lure unsuspecting recipients into provid