Malware

Remove Noodlophile stealer trojan

Noodlophile is a stealer trojan that aims to extract and steal highly sensitive information from users’ computers, including stored passwords, browser information (e.g., cookies), saved payment card details, etc. It’s a very dangerous type of infection that may stay in the background to avoid detection and steal as much information as possible. The operators of this stealer trojan are taking…

Remove P*zdec ransomware (.p*zdec virus)

P*zdec ransomware, or .p*zdec virus, is a file-encrypting malware from the GlobeImposter ransomware family. This is a serious malware infection because it encrypts files and essentially takes them hostage. This ransomware can be identified by the .p*zdec extension added to encrypted files. Unfortunately, all files users hold most important will have this extension, as they’re the ones users are usually most…

Remove D0glun ransomware (.@D0glun@ virus)

D0glun ransomware, or .@D0glun@ virus, is a file-encrypting malware. These types of infections are designed to take users’ files hostage by encrypting them and demanding a payment for their recovery. This ransomware can be identified by the .@D0glun@[original file extension] extension. The ransomware appears to be targeting Chinese-speaking users, as the ransom note is in Chinese. If the computer does…

Remove Black (Prince) ransomware (.black virus)

Black (Prince) ransomware, or .black virus, is a type of malware that encrypts files. These types of infections take files hostage by encrypting them and demanding a payment for their recovery. The ransomware targets all personal files, encrypts them, and adds the .black extension to them. The ransomware operators will offer you a decryptor, though the price is not specified. Whatever…

Remove “Binance Airdrop” scam

The “Binance Airdrop” scam refers to a fake Binance airdrop hosted on claimairdrop-reflection.xyz. It goes without saying that the scam has nothing to do with Binance Holdings, the cryptocurrency exchange platform. Malicious actors are merely using the platform’s popularity to steal users’ money. The fake site invites users to claim the airdrop and asks them to connect their digital wallets. If…

Remove “Online Webmail Deactivation” email scam

The “Online Webmail Deactivation” email is part of a phishing campaign that targets users’ email login credentials. It’s a generic phishing attempt, disguised as an email from the email service provider, supposedly informing recipients that an unusual login has triggered the email account to be temporarily blocked for security reasons. Users will supposedly be unable to use their accounts unless they…

Remove “European Data Protection Supervisor” email scam

The “European Data Protection Supervisor” email is a fake email supposedly sent by the European Data Protection Supervisor. The email has a file attached to it that claims an investigation by Europol has been launched against the recipient, supposedly because of “potential illegal activities involving the use of computer networks”. Specifically, illegal activities involving possession and dissemination of child abuse material, and…

Remove StarFire (.Celestial) ransomware

StarFire ransomware is a file-encrypting malware. The ransomware takes users’ files hostage by encrypting them and demands payment for a decryptor to recover them. The malware can be identified by the .Celestial extension added to encrypted files. If your files have that extension, you will not be able to open them until you put them through a decryptor. However, the…

Remove ARCH WIPER ransomware

ARCH WIPER ransomware is a type of malware that encrypts files. The malware is either still in development and is currently being tested, or its operators are simply trying to cause damage as they do not offer a decryptor. That is unusual for ransomware, as operators usually try to sell the decryptor so they can make money. In this case,…

Remove “Message Restriction Activity” email

The “Message Restriction Activity” email is part of a phishing campaign that tries to trick users into disclosing their email login credentials. The email claims that 5 new emails have not been delivered to users’ inboxes for unspecified reasons. If users want to get the emails, they are asked to click on the provided button. However, doing that would lead users…