Virus and Spyware Removal Guides, uninstall instructions

What is Cyberpunk 2077 mobile ransomware?

Cyberpunk 2077 mobile ransomware is a malicious application and the Android version of CoderWare ransomware. This malware is designed to encrypt the data stored in Android operating systems in order to make ransom demands for decryption tools.

During the encryption process, all affected files are appended with the ".coderCrypt" extension. For example, a file originally named something like "1.jpg" would appear as "1.jpg.coderCrypt", "2.jpg" as "2.jpg.coderCrypt", and so on. After this process is complete, a ransom-demand message is displayed.

This ransomware has been observed being spread via a deceptive website closely mimicking the Google Play Store. On this web page, Cyberpunk 2077 mobile ransomware is presented as the mobile version of the Cyberpunk 2077 video game. Note that, at the time of writing, due to the aforementioned game's recent and popular release, its name has been actively and successfully exploited by cyber criminals and scammers alike.

What is Msf?

Msf ransomware encrypts files, renames them (by adding the victim's ID, metasploit@post.com email address, and appending the ".msf" extension to filenames), displays a pop-up window, and creates the "FILES ENCRYPTED.txt" text file. For example, "1.jpg" is renamed to "1.jpg.id-C279F237.[metasploit@post.com].msf", "2.jpg" to "2.jpg.id-C279F237.[metasploit@post.com].msf", and so on.

The pop-up window and "FILES ENCRYPTED.txt" contain ransom messages with instructions about how to contact the developers. Note that Msf belongs to the Dharma ransomware family.

What is the titionasses[.]fun site?

titionasses[.]fun is a rogue website that shares many common traits with thehugefeed.com, rymothere.fun, oodsother.space, richinfo.co, cenesserie.fun and countless others. Sites of this type present visitors with dubious content and/or redirect them to other untrusted and even malicious web pages.

Few users access titionasses[.]fun intentionally - most are redirected to it by intrusive ads or by Potentially Unwanted Applications (PUAs) already installed on their systems. After successful infiltration, PUAs cause redirects, run intrusive advertisement campaigns, and collect browsing related information.

What is thehugefeed[.]com?

thehugefeed[.]com is a rogue website, whereby visitors are presented with dubious content and/or are redirected to other untrusted and possibly malicious pages. These sites are common on the web - rymothere.fun, boonfracto.fun, and oodsother.space are just some examples of other, similar web pages.

Users typically access thehugefeed[.]com and similar sites via redirects caused by intrusive ads or by Potentially Unwanted Applications (PUAs). These apps do not need explicit user consent to be infiltrated into devices. Following successful installation, PUAs cause redirects, run intrusive advertisement campaigns, and collect browsing-related information.

What is rymothere[.]fun?

People do not often vistit rymothere[.]fun or similar sites intentionally. Some examples of other, similar web pages include boonfracto[.]fun, veadoles[.]online and cenesserie[.]fun. Commonly, these pages are promoted by potentially unwanted applications (PUAs), which many users download and install inadvertently.

What is Macfaster Pro?

Macfaster Pro is an untrusted application presented as a system cleaner and optimizer for Mac operating systems. In fact, the threats and issues it detects are fake.

The use of nonexistent problem detection is intended to trick users into purchasing Macfaster Pro. Furthermore, most users download/install this app inadvertently, and therefore it is classified as a Potentially Unwanted Application (PUA).

What is boonfracto[.]fun?

boonfracto[.]fun is an untrusted website that should be avoided. Typically, these sites are promoted via deceptive ads, other bogus web pages, or potentially unwanted applications (PUAs). Therefore, if a browser opens boonfracto[.]fun automatically, it is likely that a PUA is installed on it.

Some examples of other web pages similar to boonfracto[.]fun are, veadoles[.]online and cenesserie[.]fun.

What is the fake "Findomestic" email?

"Findomestic Email Virus" refers to a spam campaign proliferating Ursnif trojan-type malware. The term "spam campaign" defines a mass-scale operation, during which thousands of deceptive/scam emails are sent.

This spam campaign targets Italian users and is disguised as a notification concerning recipients' debts, supposedly from Findomestic, which is a legitimate consumer credit institution.

Note that these messages are in no way associated with the Findomestic banking company and none of the information provided in them is genuine. The purpose of these scam emails is to trick recipients into opening the file attached to them, thereby initiating the infection process of Ursnif. This Trojan stealthily infiltrates systems and extracts information stored in and accessed through them.

What is the "This computer was automatically blocked. Reason: Pirated software has been detected" message?

The 'Pirated software has been detected' message blocks computer systems demanding payment of a fine for supposedly owning pirated software. This is a scam, a ransomware virus that infiltrates operating systems via drive-by downloads, exploit kits, infected email attachments, and fake downloads (for example, rogue video players, or fake Flash updates).

After successful infiltration, this malicious program blocks the computer screen with a message stating that pirated content was detected and that the user must pay a 500 EUR (or 500 CAD) fine using bitcoins within three days to avoid criminal charges and arrest.

Cyber criminals responsible for creating this scam aim to trick PC users into believing that they have committed law violations and must pay the fine as a consequence. In fact, no international authorities (including the Department of Justice) use screen blocking messages to collect fines for any law violations.

What is oodsother[.]space?

Sharing many similarities with veadoles.online, sonoffer.online, cenesserie.fun, indexspotcaptcha.com, and thousands of others, oodsother[.]space is a rogue web page. Visitors to this site are presented with dubious content and/or are redirected to other bogus or possibly malicious websites.

Few users access oodsother[.]space or similar sites intentionally - most are redirected to them by intrusive advertisements or by Potentially Unwanted Applications (PUAs) already installed on the system. This software does not require explicit user permission to infiltrate devices, and thus users may be unaware of its presence.

PUAs cause redirects, run intrusive ad campaigns, and collect browsing-related data.