Viruses

Discover essential defenses in the “Viruses” category at BugsFighter.com, where we provide comprehensive coverage on combating the myriad of digital threats that can compromise your devices and privacy. This section is dedicated to identifying, understanding, and removing viruses that affect computers, smartphones, and other digital platforms. From detailed analysis of new and evolving threats to step-by-step removal guides, our content is crafted to empower users with the knowledge they need to protect themselves. Whether you’re dealing with a stubborn infection or seeking to prevent future attacks, our expert advice and practical solutions are here to safeguard your digital life.

How to remove iTerm2 (Mac)

iTerm2 is a popular terminal emulator designed for macOS, providing advanced features like split panes, session restoration, and extensive customization options. However, a trojanized version of iTerm2 functions as a backdoor, surreptitiously installing additional malicious software onto the system. This fake application can significantly compromise the device, leading to severe privacy breaches, data theft, and financial losses. Once installed, the malware can exfiltrate sensitive information, monitor user activities, and even grant remote access to cybercriminals. Consequently, affected systems may experience degraded performance, unauthorized data transmission, and potentially, identity theft. Users are advised to download software exclusively from verified sources to avoid such infections. Employing robust antivirus solutions is also essential to detect and eliminate this and similar threats effectively.

How to remove Trojan:VBS/Pordeezy!lnk

Trojan:VBS/Pordeezy!lnk is a type of malware that leverages malicious Visual Basic script to execute harmful actions on a compromised Windows machine. This Trojan often disguises itself as a legitimate application, tricking users into installing it. Once installed, it can perform a variety of malicious activities, including disrupting online connectivity, initiating unauthorized file transfers, and downloading additional malware from remote servers. The Trojan may modify shortcut links on the desktop or in the start menu, causing these links to execute harmful scripts each time they are clicked. Symptoms of infection can include unexpected browser redirects, sluggish system performance, and alerts from antivirus programs. Immediate removal is recommended to prevent further damage and potential data loss. Employing reliable antivirus tools and running scans in Safe Mode can help detect and eliminate this threat effectively.

How to remove Magniber (My Decryptor) Ransomware and decrypt .[5-9-random-letters] files

Magniber Ransomware (My Decryptor Ransomware) is a widespread crypto-virus that targets Windows PCs. It focuses on English and South Korean users. Since June 2018, Magniber attacks have shifted to other countries in the Asia-Pacific region: China, Hong Kong, Taiwan, Singapore, Malaysia, Brunei, Nepal and others. The virus got its name from the combination of two words, Magnitude + Cerber. Magnitude is a collection of exploits that served as the last infection vector for Cerber. With this threat, the Cerber malware ended its distribution in September 2017. The ransomware's Tor site, however, states "My Decryptor", which is where the second part of the name comes from. After encryption, Magniber (My Decryptor) Ransomware can add 5, 6, 7, 8 or 9 random letters as the file extension. Over the years the ransomware has used various names for its ransom note files: _HOW_TO_DECRYPT_MY_FILES_[random]_.txt, READ_ME_FOR_DECRYPT_[random]_.txt, READ_ME_FOR_DECRYPT.txt. The most current one is READ_ME.txt.

How to remove Qilin (Agenda) Ransomware and decrypt your files

Qilin Ransomware is a formidable threat that belongs to the Agenda family of ransomware, known for its ability to encrypt various file types including documents, images, and videos, rendering them inaccessible to the user. Upon infection, it appends a unique string in the form of a file extension to each targeted file, which can be represented as *.random_string. This transformation indicates that the file has been compromised, and access has been effectively locked by the attackers. Alongside this encryption, Qilin Ransomware generates a ransom note, titled [random_string]-RECOVER-README.txt, which is placed in every folder containing encrypted files. This document contains critical information regarding the attack, including instructions on how to contact the attackers and details regarding the ransom payment for the decryption key.

How to remove Adobe Ransomware and decrypt .adobe files

Adobe Ransomware, also known as the Adobe virus, is a type of malicious software that belongs to the Dharma ransomware family. This cyber threat predominantly targets Windows operating systems, aiming to encrypt sensitive user files, rendering them inaccessible. Once the system is compromised, Adobe Ransomware appends specific file extensions to the affected files, most commonly .adobe or .adobee, in addition to a unique identifier and an email address of the attackers. As a sophisticated ransomware variant, it typically employs robust encryption methods, often relying on asymmetric encryption algorithms. This means that files are locked with a unique key that is stored on a remote server controlled by the attackers, making unauthorized decryption without their intervention nearly impossible. The attackers usually emphasize the importance of contacting them for decryption, creating a daunting scenario for victims. Upon successful encryption, victims are presented with a ransom note contained within a text file labeled FILES ENCRYPTED.txt, which is generated during the attack. This note includes a message indicating that all files have been locked due to a security issue and instructs victims to contact the cybercriminals at a specified email address to negotiate a ransom payment, typically demanded in Bitcoin.

How to remove FridayBoycrazy Ransomware and decrypt your files

FridayBoycrazy Ransomware is a significant threat that has emerged recently, designed to encrypt files on infected systems and extort ransom payments from victims. This variant, based on the Chaos ransomware, exhibits a severe level of damage by actively encrypting various file types and making them inaccessible without a decryption key. Once this malicious software is executed, it meticulously renames encrypted files by appending a string of random characters to their original extensions. For example, a file named 1.jpg may be altered to 1.jpg.j3y4, making recovery efforts more challenging for victims. Upon completion of the encryption process, it generates a ransom note named Warning.txt, which is typically placed on the desktop and informs users that their files have been compromised. The perpetrators claim that decryption without their assistance is impossible, thereby fueling fear and urgency in their victims to pay the ransom.

How to remove PUA:Win32/SBYinYing

PUA:Win32/SBYinYing is a potentially unwanted application (PUA) that often accompanies cracked or pirated software, particularly games. This type of unwanted software usually displays intrusive ads and can redirect users to potentially harmful websites, posing risks akin to those of adware and browser hijackers. Notably identified by Microsoft Defender, PUA:Win32/SBYinYing is most commonly associated with a file named "EMP.dll," found in repackaged games. Once installed, it gathers basic user information and performs defense evasion techniques typical of more malicious software, such as file obfuscation and data encryption. Additionally, it leverages legitimate Windows processes like rundll32.exe and WerFault.exe to execute its code and maintain persistence on the infected system. The software also exhibits significant network activity, making DNS requests that may indicate communication with command servers. While primarily functioning as adware, it can indirectly lead to more severe security issues by directing users to malicious websites, thereby increasing the risk of data theft or further infections.

How to remove LianSpy Malware (Android)

LianSpy Malware is a type of spyware specifically designed to target Android devices, engaging in invasive activities such as taking screenshots and collecting sensitive data. First identified in the summer of 2021, this Trojan is believed to primarily target Russian users, but its reach may extend to other regions as well. Operating stealthily, LianSpy employs various evasion techniques, including impersonating legitimate applications and hiding notifications related to its activities. Once installed, it can gain extensive permissions, allowing it to monitor call logs, contacts, and app usage while filtering notifications based on a predefined keyword list. The malware can also self-update, broadening its capabilities and target list over time. This poses significant privacy risks, including potential identity theft and financial losses. Users may notice symptoms like increased data and battery usage, as well as a general slowdown of their devices. Immediate removal is crucial to mitigate the severe consequences associated with LianSpy infections.