Trojans

Discovered in 2019, Cerberus is a malicious program categorized as a banking trojan that has been targetting Android users. This application is disguised as Adobe Flash Player Updater and gets downloaded as an .apk file. Alike executable files, .apk extensions are meant to initiate the installation of applications. Whilst users think that it will update the promised software, they inadvertently get infected with a malicious program without consent. Thereafter, cybercriminals can control your device by connecting to a botnet and receiving commands from Command & Control (C2) server. Once extortionists establish contact with your device, they can easily operate it by sending commands remotely. This means that swindlers are able to see and gather sensitive data, credentials, change settings, and run other manipulations that expose your activity to third parties. Note that social networks and bank accounts can be hacked and hijacked for scams and revenue purposes. If you suspect Cerberus infected your device, then you should perform an immediate scan and delete it as soon as possible. We will discuss how to do it a little bit deeper in the article below.

RedLine Stealer is a malicious piece of software that targets computer users in order to steal important data. The virus is publicly available on hacker forums for the price of 150-200$. It is therefore employed to install on unprotected systems and start collecting sensitive information like passwords, logins, banking-related details, and other types of data to access various accounts in social media, banking apps, or cryptocurrency wallets. Among the list of targeted crypto-wallets are AtomicWallet, Armory, BitcoinCore, Ethereum, DashCore, Electrum, Bytecoin, Zcash, Jaxx, Exodus, LitecoinCore, and Monero as well. It was also spotted to disable the operation of VPN clients like ProtonVPN, OpenVPN, and NordVPN - presumably to alleviate the data collection process. In general, RedLine Stealer is designed to capitalize on the gathered data. Cybercriminals may therefore misuse valuable information to generate profits and cause reputational damage. It is also possible that this virus delivers additional malware like trojans or high-risk infections similar to ransomware (file-encryptors). Thus, if you suspect RedLine Stealer to have attacked your system, immediately use our tutorial below to remove the infection and restore a safe computer experience.

Previously known under the name of Aberebot, Escobar is a banking trojan developed for Android. The main goal of such software lies in the pursuit of valuable information that cybercriminals seek to capitalize on. After successfully committing an attack on Android devices, Escobar obtains a wide number of capabilities - it is, therefore, able to send remote commands, control the screen, manipulate SMS messages, record audio, take photos, disable protection, memorize keystrokes, redirect to websites asking to enter login credentials, modify the list of installed applications, and many other actions as well. In short, Escobar gains the entire control over your device which makes it almost unlimited in doing whatever it wants. The rebranded banking trojan also acquired a feature of looking into the Google Authenticator and recording one-time-use passwords from it. Escobar malware is now explicitly advertised on hacking forums at a price of 3000$ per monthly subscription. The recorded information may be afterwards used to access banking accounts and perform transactions without the consent of actual owners. Escobar is a very devastating infection. Its presence may lead to many privacy issues and risks of losing the finance. Thus, it is important to delete it from your Android smartphone as soon as possible before it does even more damage.

Also known as FoxBlade, HermeticWiper is a devastating virus designed to erase system-stored data and prevent machines from responding or working completely. Malware with such capabilities is usually known as disk wipers. HermeticWiper was discovered attacking governmental bodies and business structures in Ukraine on February 24. Many researchers think HermeticWiper was given this name based on a digital certificate stolen from a company called Hermetica Digital Ltd. This certificate allows the virus to disguise itself as legitimate software to bypass the detection of Windows. Upon successful infiltration, HermeticWiper corrupts the majority of stored data and deletes Windows Shadow Copies as well. This functionality leads to permanent data loss making victims unable to recover it afterwards. As mentioned, HermeticWiper makes infected systems practically unusable - it does so by disrupting the Master Boot Record (MBR), an important Windows sector responsible for properly starting the system. As long as HermeticWiper holds control around your system, it can do almost whatever it wants - install additional malware, launch DDoS attacks, record keystrokes, audio, video, abuse system resources to mine cryptocurrencies, deploy remote commands, and many other disruptive actions. HermeticWiper is not the only but one of few viruses distributed within this geopolitical campaign on Ukraine.

AppLovin is an adware application that infects users of Android smartphones. Although it may look like a legitimate and world-famous video-sharing service called TikTok, there is nothing common between them. AppLovin is fake and designed to promote various ads, pop-ups, coupons, and download pages that run stealth infections using executable scripts. Whatever is spread by AppLovin should not be trusted and followed by users. A deeper investigation showed that AppLovin's main focus is set on Jio devices which are popular in India. Jio is an official Indian company providing Internet and smartphone products in India. AppLovin also displays a sign-in screen. The entered credentials may be recorded by the app to steal TikTok accounts or hack you on other websites registered using the same credentials. It was also discovered that AppLovin abuses the hijacked devices to send spam messages with download links to other Jio owners. In sum, AppLovin was clearly developed for causing privacy threats and downgraded smartphone performance. Users that are infected with this application, should instantly remove it before it does significant damage. You can follow our instructions below to do it correctly and without traces.

Medusa was analyzed and eventually assigned to the category of banking trojans. It infects Android users to grant cybercriminals with remote access over the device. From there, swindlers may be able to execute various commands - e.g. extract valuable data, force-open unwanted websites, or download other malware as well. On a general level, the trojan can do whatever it wants ranging across actions like viewing your screen, navigating through installed apps, unlocking the screen, recording keystrokes (to steal passwords), and also streaming both camera and audio in real-time. This specific feature is most likely used to perform malicious and fraudulent commands while nobody is using the phone. As mentioned, Medusa is categorized as a banking trojan meaning its main target is set on hijacking credentials to log into banking applications. This is therefore needed to perform transactions and steal users' money without consent. Medusa is one of those trojans leading to serious consequences related to privacy and financial risks. If you spotted your device began to act weird and without your consent, do not linger and remove the virus using our tutorial below.

Shlayer is a trojan-based infection designed to cause a chain of multiple malware infiltrations on your device. The number of malware may vary from typical adware or fake search engine tools to more dreadful types like Ransomware that inevitably encrypts users' data. Once the trojan sneaks into the system it starts running scripts that install malware along the way. For example, the adware can distribute deceptive on-screen advertisements that redirect users to malicious resources that trick inexperienced people into downloading malware. All of these methods are basically developed for gathering personal information like passwords, geolocations, credentials, and other data that is transferred to third parties for income purposes. Shlayer Trojan has been spotted bundling Chumsearch Safari browser extension, MyShopCoupon, and fake optimization utilities like Mac Cleanup Pro that can also put your data at risk. Getting rid of Shlayer Trojan is the number one thing that you should do to prevent further infections. Thereafter, you will have to uninstall everything caused by the trojan to relieve your device from malware pressure.

Also known as Client Service Runtime Process, Csrss.exe is a legitimate system process that is essential to Windows health. It can be found running alongside other background processes in Task Manager. The native location Csrss.exe is always rooted to C:\Windows\System32\. If you find it present in other directories, more likely it is a virus infection disguised as a legitimate process. Cybercriminals take the names of Windows processes to hide trojans or similar software. By doing so, they also obscure scanning algorithms of anti-malware software, which sometimes struggles to define it as malware. Despite this, it is quite easy to determine whether this process is malicious or not. You can find it amongst the list of background processes in Task Manager, right-click on it and choose "Open file location" to see where it is. If you suspect it is a virus indeed, make sure to follow our guidelines below. The Csrss.exe process is known to be exploited by malware developers to hide malicious software that steals personal data and triggers the installation of other programs as well. This is why it is necessary to remove it as soon as possible before it deals severe privacy damage.