Step-by-Step Malware Removal Instructions

FateGrab Stealer
Trojan

FateGrab Stealer

FateGrab is the name of an information-stealing malware distributed along with another stealer called StealDeal. Threat actors deliver these malicious programs via email (they use a compromised email address for malware distribution) and messengers. Both FateGrab and StealDeal should be removed fr

HARDBIT 2.0 Ransomware
Ransomware

HARDBIT 2.0 Ransomware

HARDBIT 2.0 is a new version of the HARDBIT ransomware. We discovered this version while inspecting malware samples submitted to VirusTotal. HARDBIT 2.0 encrypts data, appends a string of random characters, the victim's ID, email address, and the ".hardbit2" extension to filenames. Also, HARDBIT

Mudflised.com Ads
Notification Spam

Mudflised.com Ads

We have inspected mudflised[.]com and found that the purpose of this site is to lure visitors into allowing it to display/send notifications. Mudflised[.]com displays deceptive content to get that permission. Our team discovered mudflised[.]com while examining pages that use shay advertising netwo

StealDeal Stealer
Trojan

StealDeal Stealer

StealDeal is the name of an information stealer targeting Internet browser data and possibly other information. It is known that StealDeal is delivered via a compromised email address. The file used for malware distribution injects StealDeal and another malware called FateGrab - an information ste

ScreenConnect (ConnectWise) Client Scam
Phishing/Scam

ScreenConnect (ConnectWise) Client Scam

Fraudsters use all kinds of ways to extract information or money from people and distribute malicious programs via emails. This article describes cases where fraudsters use emails to trick recipients into installing ConnectWise (formerly known as ScreenConnect). This software allows threat actors

RisePro Stealer
Trojan

RisePro Stealer

RisePro is an information stealer that has similarities with another stealer called Vidar. It gathers sensitive data and extracts it in the form of logs. RisePro is written in the C++ programming language. Threat actors have been observed distributing RisePro via a malware downloader called Privat

GodFather Malware (Android)
Trojan

GodFather Malware (Android)

GodFather is the name of an Android malware targeting online banking pages and cryptocurrency exchanges in 16 countries. It opens fake login windows over legitimate applications. Threat actors use GodFather to steal account credentials. Additionally, GodFather can steal SMSs, device information, a

Iswr Ransomware
Ransomware

Iswr Ransomware

Iswr is the name of a Djvu ransomware variant. We discovered it while inspecting malware samples submitted to the VirusTotal page. Iswr encrypts the victim's files, appends its extension (".iswr") to the filenames of all encrypted files, and drops its ransom note (the "_readme.txt" file). An exam

Mywowspot.com Ads
Notification Spam

Mywowspot.com Ads

We have analyzed mywowspot[.]com and learned that the purpose of this page is to trick visitors into agreeing to receive notifications from it. Additionally, mywowspot[.]com may redirect users to other untrustworthy websites. It is very uncommon for pages like mywowspot[.]com to be visited on purp

CRYPT (CONTI) Ransomware
Ransomware

CRYPT (CONTI) Ransomware

CRYPT crypto-malware based on CONTI ransomware. It encrypts files, appends the ".CRYPT" extension to filenames, and creates the "Readme_Instructions.html" file that contains a ransom note. An example of how CRYPT modifies filenames: it renames "1.jpg" to "1.jpg.CRYPT", "2.png" to "2.png.CRYPT", an