Tutorials

Donation From Lottery Winner email scam is a type of phishing scam where fraudsters send emails pretending to be lottery winners who wish to share their winnings with randomly selected individuals. These emails often claim that the recipient has been chosen to receive a substantial amount of money, typically in the millions, from a recent lottery jackpot winner. The scam aims to extort money and/or personal information from the recipients under the guise of a generous donation. For instance, one version of this scam involves an email from someone claiming to be Thomas Yi Mega, a supposed Powerball jackpot winner, offering $4 million to the recipient. The email instructs the recipient to respond to a specific email address to claim the money. Another example involves a scammer impersonating Manuel Franco, a real Powerball jackpot winner, offering $2.8 million to five lucky people.

Lord Bomani Ransomware is a type of malware that belongs to the GlobeImposter family. It encrypts files on the victim's computer and appends the developer's email address (Bomani@Email.CoM) to the filenames. For example, a file named 1.jpg would be renamed to 1.jpg.[Bomani@Email.CoM]. The ransomware also creates a ransom note named Read Me!.hTa which informs the victim that their files have been encrypted due to a security issue on their PC. The note provides three email addresses for contacting the attackers: lord_bomani@keemail.me, jbomani@protonmail.com, and bomani@email.com. It also includes a specific ID that must be provided in the subject line when emailing the attackers. The ransom note states that payment for file decryption must be made in Bitcoin, and the cost depends on how quickly the victim contacts the threat actors. It warns against renaming files or attempting to use third-party decryption tools, and it threatens to release sensitive personal data if the ransom is not paid. The note also offers to decrypt up to three files for free as a guarantee, provided the total size of the files is less than 5MB and they do not contain valuable information.

Street Fighter 6 is the latest installment in Capcom's iconic fighting game series, released on June 2, 2023. The game is available on PlayStation 4, PlayStation 5, Windows, and Xbox Series X/S, with an arcade version released in Japan under the title Street Fighter 6 Type Arcade. The game features three main modes: Fighting Ground, World Tour, and Battle Hub. Fighting Ground includes local and online versus battles, training, and arcade modes, maintaining the traditional 2D fighting gameplay. World Tour is a single-player story mode where players can explore 3D environments with a customizable avatar. Battle Hub is an online lobby mode where players can compete in ranked or casual matches, participate in special events, and play emulated Capcom arcade titles. Street Fighter 6 introduces the Drive Gauge system, which allows players to use five different techniques, encouraging strategic gameplay. It also offers three control schemes: classic, modern, and dynamic, catering to different player preferences. Regarding running Street Fighter 6 on a Mac, there is no native Mac version. However, Intel-based MacBook Pro users can use Bootcamp to install Windows and run the game natively, providing the best performance. For M1, M2 or M3 MacBook Pro users, the Game Porting Toolkit can emulate x86 instructions and DX11/12, but this requires macOS Sonoma and may result in frame drops due to emulation. Parallels has announced future support for DX12, which could be another option once available.

Dark and Darker is a multiplayer dark fantasy video game developed by the South Korean studio Ironmace. The game combines elements from dungeon crawlers, role-playing games, and extraction shooters, creating a unique PvPvE (player versus player versus environment) experience. Set in a dark medieval fantasy world, players can choose from nine character classes: Fighter, Barbarian, Rogue, Ranger, Wizard, Cleric, Bard, Warlock, and Druid. Each class has unique abilities and playstyles. The primary objective in Dark and Darker is survival. Players navigate through dungeons filled with traps, puzzles, and monsters, collecting loot and fighting other players. The game features a shrinking playable area, forcing players into encounters. If a player dies, they lose all their possessions, but successful extraction allows them to store or sell their loot for future use. The game includes three maps with static layouts and enemy spawn points, featuring tight corridors, interconnected hallways, and some verticality, which can be advantageous for certain classes like the Wizard or Ranger. Currently, Dark and Darker does not natively support macOS. However, Mac users can explore alternative methods to play the game. One option is using CrossOver, which is available for both Intel and Apple Silicon Macs. CrossOver translates the game’s code into something macOS can run, but it is recommended for Apple Silicon chips due to better performance. Another option for Intel-based Macs is using Boot Camp to install Windows, allowing the Mac to run Windows natively and potentially meet the game's system requirements. Additionally, cloud gaming services like Boosteroid might eventually support Dark and Darker, allowing Mac users to stream the game without needing to run it locally.

Malware Mage Ransomware is a type of malicious software that encrypts data on an infected computer and demands a ransom for its decryption. Discovered during a routine investigation of new submissions to the VirusTotal platform, this ransomware appends the .malwaremage extension to encrypted files. For instance, a file named 1.jpg would appear as 1.jpg.malwaremage after encryption. The ransomware then displays a pop-up window containing the ransom note. The ransom note informs victims that their documents, videos, images, and other files have been encrypted using the AES-256 cryptographic algorithm. To recover the inaccessible data, victims are instructed to purchase a decryption key from the attackers. The ransom amount is 0.08134 BTC, which is approximately six thousand US dollars, though this value can fluctuate with exchange rates. The note emphasizes that failure to pay within the given time frame will result in the destruction of the decryption key, leading to permanent data loss.

LOTUS Ransomware is a type of malware that encrypts files on a victim's computer, rendering them inaccessible until a ransom is paid. It belongs to the Dharma ransomware family and is designed to extort money from victims by holding their data hostage. After installation, it displays a ransom message in a pop-up window and creates a text file named MANUAL.txt containing further instructions. LOTUS Ransomware appends the .LOTUS extension to the names of encrypted files. Additionally, it includes the victim's ID and the attacker's email address in the filename. For example, a file named 1.jpg would be renamed to 1.jpg.id-B4M9F983.[paymei@cock.li].LOTUS. After encrypting files, LOTUS ransomware creates a ransom note named "MANUAL.txt" and places it in each folder containing encrypted files. The note typically includes a notification of file encryption, instructions on how to pay the ransom (often in cryptocurrency like Bitcoin), and contact information for the attackers (e.g., paymei@cock.li, paymei@tuta.io). It also warns victims not to rename files or try to decrypt them with third-party software, as this may cause permanent damage to the files. The ransom note emphasizes that victims can only receive a decryption key or software from the attackers.

Wormhole Ransomware is a type of malicious software designed to encrypt files on a victim's computer, rendering them inaccessible until a ransom is paid. This ransomware variant is part of a broader category of malware that uses encryption to hold data hostage, demanding payment for the decryption key. The name "Wormhole" is derived from the file extension it appends to encrypted files. Once Wormhole ransomware encrypts files on a victim's computer, it appends the .Wormhole extension to the encrypted files. This extension helps victims and cybersecurity professionals identify the type of ransomware that has infected the system. Wormhole ransomware employs strong encryption algorithms to secure the victim's files. Typically, ransomware uses a combination of symmetric and asymmetric encryption. Symmetric encryption involves using a single key for both encryption and decryption, with AES (Advanced Encryption Standard) being commonly used due to its efficiency and security. Asymmetric encryption involves a pair of keys – a public key for encryption and a private key for decryption, with RSA (Rivest-Shamir-Adleman) often used for this purpose. The exact encryption methods used by Wormhole ransomware are not detailed in the sources, but it is likely to use a combination of AES for file encryption and RSA for securing the AES key, similar to other ransomware variants. After encrypting the files, Wormhole ransomware typically creates a ransom note to inform the victim of the attack and provide instructions for payment (How to recover files encrypted by Wormhole.txt). This note is usually placed in prominent locations such as the desktop or in each directory containing encrypted files. The ransom note may include instructions on how to pay the ransom, often in cryptocurrency like Bitcoin, a deadline for payment to avoid permanent data loss, and contact information for the attackers, often an email address or a link to a dark web site.

TellYouThePass is a type of ransomware that first emerged in 2019. It is known for encrypting files on infected systems and demanding a ransom for their decryption. This ransomware has seen a resurgence, particularly in exploiting vulnerabilities such as the Apache Log4j and more recently, a critical PHP vulnerability (CVE-2024-4577). The ransomware targets both Windows and Linux operating systems and has been rewritten in Golang to facilitate cross-platform attacks. Once TellYouThePass encrypts files on an infected system, it appends the .locked extension to the filenames. For example, a file named document.docx would be renamed to document.docx.locked. TellYouThePass ransomware uses a combination of RSA-1024 and AES-256 cryptographic algorithms to encrypt files. This combination ensures that the encryption is robust and difficult to break without the decryption key. After encrypting the files, TellYouThePass creates a ransom note named README.html in each affected directory. This note contains instructions for the victim on how to pay the ransom, typically in Bitcoin, and how to contact the attackers to receive the decryption tool. The note warns victims not to rename the encrypted files or attempt to decrypt them using other tools, as this could result in permanent data loss.