Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove HARDBIT Ransomware and decrypt .hardbit files

HARDBIT is a ransomware virus that targets Windows users to encrypt system-stored data and blackmail victims into paying a fee for decryption and non-disclosure of exfiltrated data. While rendering files inaccessible, the file encryptor also renames them to mark the blocked data. For instance, a file originally named 1.pdf will change to something like 1.pdf.[id-GSD557NO60].[boos@keemail.me].hardbit at the end of encryption. The appended string consists of the victim's ID, the cybercriminals' e-mail address, and the .hardbit extension. Immediately after the encryption process finishes, HARDBIT changes the desktop wallpaper and drops two files with decryption instructions - Help_me_for_Decrypt.hta and How To Restore Your Files.txt.

How to remove FlyTrap Trojan (Android)

FlyTrap is a trojan infection designed to steal Facebook accounts and use them for future abuse. An authoritative security company named Zimperium researched this malware and confirmed its activity across 100+ countries with at least 10,000 users affected by it. According to reports, many have been affected by FlyTrap via a malicious application that promotes coupons, discounts, and other similar content. Clicking on such content can lead to a fake verification window demanding login credentials for a Facebook account. After successfully retrieving the entered data and accessing the targeted Facebook account, FlyTrap is able to inject malicious JavaScript code in order to collect sensitive information (e.g., IP addresses, geolocations, e-mail addresses, internet cookies, tokens, etc.). The stolen accounts may thereafter be abused for scamming friends or spreading malware via malicious links or attachments. Thus, FlyTrap is a dangerous infection that may lead to massive security problems and compromise users' identities. Follow our guide below to remove the virus from your Android smartphone. After doing so, it is important to change your passwords and notify your friends/contacts that the account was hacked.

How to remove FBI Ransomware and decrypt .fbi files

FBI Ransomware is a file encryptor that restricts access to data and blackmails victims into paying $250 for the recovery. While running encryption, the virus renames all affected files by adding the .fbi extension. For instance, a file like 1.pdf will be renamed to 1.pdf.fbi and lose its original icon as a result of this change. After this, the malicious program creates three notes (readme.txt, LOCKEDBYFBI.hta, and decryptfiles.html) that are completely empty. The actual message is displayed in an intractable full-screen window, which opens automatically after the encryption is finished.

How to remove Payroll Timetable e-mail virus

Payroll Timetable is a malicious e-mail campaign designed to trick users into downloading a devastating trojan called TrickBot. Developers in charge of this campaign send thousands of identical messages presenting fake information about some payroll timetable. By impersonating a legitimate company named PricewaterhouseCoopers and pretending to be its employees, cybercriminals encourage users to review some "irregularities" by opening the attached file. Such text is usually irrelevant to the recipients and simply meant to raise enough curiosity to open a malicious attachment in .docx, .xls, or other MS Office formats. If you ever receive a message accompanied by some attachment, chances are this is an attempt to deliver a virus infection. The distributed TrickBot trojan is meant to record sensitive information (e.g., passwords, usernames, e-mails, etc.) and use it for stealing related accounts. The cybercriminals are especially interested in finance-related applications, such as pocket banks or crypto-wallets. Unfortunately, if you trusted the Payroll Timetable e-mail message and opened the attached document, then your system is most likely infected. Use our guide below to limit the damage by completely removing the infection.

How to remove S.O.V.A. Banking Trojan (Android)

S.O.V.A. is a banking trojan virus designed to extract finance-related information from Android devices. Specifically, it was spotted doing so on devices running Android versions 7 to 11. While being distributed under the disguise of ostensibly legitimate software, the sneaky trojan asks users to grant a number of device permissions. If such permissions are eventually given, the trojan becomes capable of reading the device's screen and displaying fake log-in windows to bait users into entering their credentials. As mentioned, the main target of S.O.V.A. is banking information, which means the trojan will likely try to collect information from banking applications, cryptocurrency wallets, and other places related to finance. Due to its keylogging abilities, the trojan can record all typed keystrokes and abuse them for stealing accounts or performing unauthorized money transactions. In addition, it was also observed that S.O.V.A. can manage SMS messages and display various pop-ups. Allowing such malware to operate for too long may indeed lead to severe privacy issues and potential financial loss. On top of that, the S.O.V.A. banking trojan is still considered under development and is expected to acquire more features (performing DDoS attacks, operating as screen-locking ransomware, impeding 2FAs (Two-Factor Authentications), and so forth) in future updates. Thus, if you suspect your Android device is affected by this or a similar infection, follow our guidelines below to remove it and ensure further protection against such threats.

How to remove JiangLocker Ransomware and decrypt .jiang files

JiangLocker is a recent ransomware infection. Like other malware of this type, it is designed to restrict access to potentially important pieces of data by running secure encryption. During this process, the virus appends the .jiang extension to all blocked data. To illustrate, a file previously named 1.pdf will change to 1.pdf.jiang and lose its original icon. Following this, JiangLocker changes the desktop wallpaper, displays a pop-up window, and creates a text note called read.ini. The text note duplicates the information given inside the pop-up window.

How to remove Cyberone Ransomware and decrypt .cyberone files

Cyberone is quite a recent ransomware infection that runs encryption of data and asks victims to pay 1 Bitcoin for its decryption. While blocking access to system-stored data, the virus appends its own .cyberone extension, making all file icons blank. For instance, a file originally named 1.pdf will change to 1.pdf.cyberone and become no longer accessible. Note that most Cyberone versions we have observed can be decrypted for free with the help of a decryption tool released by Avast. You can find more information about it in the article below. After completing encryption, the last step to start blackmailing victims is the creation of ___RECOVER__FILES__.cyberone.txt and the display of a pop-up window containing decryption guidelines written by cybercriminals.

How to remove Diamond Ransomware and decrypt .diamond files

Diamond Ransomware is a malicious infection designed to encrypt system-stored data and blackmail victims into paying the ransom for its return. While running encryption, the virus renames all targeted files with the .diamond extension. This is simply a visual change meant to highlight the fact that the user's system has been infected. Following this, the ransomware creates HOW TO RECOVER ENCRYPTED FILES.TXT - a text file containing decryption instructions.