Viruses

RisePro Stealer is a type of malware known as an information stealer, which is designed to harvest sensitive data from infected computers. It is written in C++ and appears to be a clone or a variant of the Vidar stealer, sharing similar functionalities and characteristics. RisePro targets popular web browsers like Firefox, Opera, and Chrome, stealing saved passwords, credit card information, and crypto-wallets. It can also extract credentials from installed software such as Discord and Authy Desktop. The malware searches for specific file patterns on the infected computer, such as banking and credit card receipt information, and sends the stolen data to a command and control server (C&C) operated by cybercriminals. For users who feel confident enough, manual removal steps are also available, but they require a more technical approach and can be riskier. It is crucial to back up all files before starting the removal process, as some below data could be damaged or lost during the cleanup.

JaskaGO malware is a sophisticated malware developed using the Go programming language, also known as Golang. It was first observed in July 2023, initially targeting Mac users, but has since evolved to infect both Windows and macOS systems. The malware is part of a growing trend of threats leveraging the Go programming language due to its simplicity, efficiency, and cross-platform capabilities. JaskaGO is an information stealer, meaning it excels at exfiltrating valuable information from infected systems. This data can range from browser credentials to cryptocurrency wallet details and other sensitive user files. The malware communicates with a command-and-control (C&C) server, from which it can receive various commands, including data harvesting and exfiltration. Remember, the best defense against malware is prevention. Regularly update your software, avoid downloading from untrusted sources, and maintain a reliable security solution to protect your system.

Hook Banking Trojan is a type of malware designed to steal personal information from infected users. It was developed using the source code of the ERMAC backdoor, another notorious malware. Hook is rented out by its operators at a cost of $7,000 per month. It targets a wide range of applications, particularly banking and cryptocurrency-related ones, and has been found in Google Chrome clone APKs. The malware has a wide range of functionalities, including keylogging, overlay attacks to display phishing windows over banking apps, and automated stealing of cryptocurrency recovery seeds. It also has the ability to stream the victim's screen, interact with the interface to gain complete control over the device, take photos of the victim using their front-facing camera, and steal cookies related to Google login sessions.

BlackBit is a sophisticated strain of ransomware, first discovered in February 2023. It is a variant of the LokiLocker ransomware, and it uses .NET Reactor to obfuscate its code, likely to deter analysis. The ransomware is built on the Ransomware-as-a-service (RaaS) model, where ransomware groups lease out their infrastructure. BlackBit modifies filenames by prepending the spystar@onionmail.org email address, a victim's ID, and appending the .BlackBit extension to filenames. For example, it renames 1.jpg to [spystar@onionmail.org][random-id]1.jpg.BlackBit. BlackBit Ransomware likely uses a strong encryption algorithm, such as AES or RSA, to encrypt the victim's files, rendering them inaccessible without the decryption key. BlackBit ransomware creates a ransom note named Restore-My-Files.txt and places it in every folder containing encrypted files. The ransom note instructs victims to contact the attackers via spystar@onionmail.org. In addition to the text file, BlackBit also changes the desktop wallpaper and displays a pop-up window containing a ransom note.

Lomx Ransomware is a type of malicious software that belongs to the Djvu ransomware family. Its primary function is to encrypt files on the infected computer, rendering them inaccessible to the user. Once the files are encrypted, Lomx appends the .lomx extension to the file names, effectively marking them as encrypted. For example, a file originally named photo.jpg would be renamed to photo.jpg.lomx after encryption. After infecting a computer, Lomx targets various file types and encrypts them using a robust encryption algorithm. The exact encryption method used by Lomx is not specified in the provided sources, but it is common for ransomware from the Djvu family to use strong encryption algorithms that are difficult to crack without the decryption key. Lomx creates a ransom note named _readme.txt in the directories containing the encrypted files. This note informs victims that their files have been encrypted and that they must purchase a decryption tool and key from the attackers to recover their files. The note typically includes instructions on how to pay the ransom and contact information for the attackers.

Loqw Ransomware is a dangerous computer virus that belongs to the STOP (Djvu) ransomware family. Its main purpose is to encrypt files on the victim's computer and demand a ransom for their decryption. The criminals behind this ransomware use various social engineering tactics to lure unsuspecting users into downloading or running the malware. Once Loqw ransomware infects a computer, it encrypts the files and adds the .loqw extension to each filename. Loqw ransomware uses the Salsa20 encryption algorithm. This method is not the strongest, but it still provides an overwhelming amount of possible decryption keys. To brute force the 78-digit number of keys, you would need 3.5 unvigintillion years (1*10^65), even if you use the most powerful regular PC. After encrypting the files, Loqw ransomware creates a ransom note named _readme.txt. This note contains instructions for the victim on how to pay the ransom, which ranges from $490 to $980 (in Bitcoins).

GREEDYFATHER is a type of ransomware, a malicious software that encrypts data on a victim's computer and demands a ransom for its decryption. This article will provide a comprehensive understanding of GREEDYFATHER ransomware, its infection methods, the file extensions it adds, the encryption it uses, the ransom note it creates, and potential decryption tools and methods. GREEDYFATHER Ransomware appends the .GREEDYFATHER extension to the filenames of the encrypted files. For example, a file named 1.jpg would be renamed to 1.jpg.GREEDYFATHER. The specific encryption algorithm used by GREEDYFATHER ransomware is not explicitly mentioned in the search results. However, ransomware typically uses strong encryption algorithms, such as AES (Advanced Encryption Standard) or RSA (Rivest-Shamir-Adleman), to encrypt files. These encryption methods are virtually unbreakable without the correct decryption key. After encrypting the files, GREEDYFATHER creates a ransom note named GREEDYFATHER.txt in each directory containing the encrypted files. The note reassures the victim that the encrypted files can be restored and instructs them to send a couple of locked files to the attackers for a test decryption. It also warns against the use of free decryption tools.

Ljaz Ransomware is a type of malicious software that encrypts files on a victim's computer, rendering them inaccessible. The attackers then demand a ransom, often in the form of cryptocurrency, in exchange for providing the decryption key or tool necessary to unlock the encrypted files. Ljaz Ransomware adds the .ljaz file extension to the encrypted files. Ljaz Ransomware creates a ransom note in a text file named _readme.txt. This note usually contains instructions on how to pay the ransom to get the decryption key or tool. STOP/Djvu Ransomware family uses the Salsa20 encryption algorithm to encrypt the victim's files. It also uses RSA encryption, which is one of the most commonly used encryption methods by ransomware groups. The ransomware begins its execution chain with several levels of obfuscation designed to slow down the analysis of its code by threat analysts and automated sandboxes.