Gridinsoft Security Lab

What is Trojan:Win32/Tnega!MSR?

Trojan:Win32/Tnega!MSR

Stephanie Adlam, Jun 27, 2024, 4 min read

Trojan:Win32/Tnega!MSR is a malicious program that functions to deliver other malware. It uses numerous anti-detection tricks and is often distributed…

Proxyjacking - A New Tactic Of Old Hackers

Proxyjacking: The Latest Cybercriminal Invention In Action

Stephanie Adlam, Jul 7, 2023, 7 min read

Today, in the constantly changing world of cyber threats, attackers always look for new ways to get more benefit with less effort. Recently, researchers found an example of this and called it proxyjacking for profit. What is proxyjacking? Proxyjacking is an attacker’s illegal use of a victim’s bandwidth for their own benefit. The closest related process to proxyjacking is called cryptojacking. It involves an attacker illegally using the victim’s device power to mine cryptocurrency. There is nothing new under the…

New PlugX malware attacks target European diplomats

PlugX malware attacks European diplomats

Stephanie Adlam, Jul 6, 2023, 4 min read

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is part of a broader trend among China-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign are Central and Eastern European countries such as Slovakia, the Czech Republic, and Hungary. The key goal of these attacks is likely obtaining sensitive information about…

RedEnergy – Ransomware or Infostealer?

RedEnergy Stealer-as-a-Ransomware On The Rise

Stephanie Adlam, Jul 4, 2023, 5 min read

Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware but is not affiliated with the Australian company Red Energy. The RedEnergy stealer uses a sneaky tactic to steal sensitive data from different web browsers. Its primary distribution method is fake updates: pop-ups and banners that bait the user into installing what is in fact the malicious payload. RedEnergy also has multiple modules that can carry out ransomware activities. Despite using…

Darknet Forums and Malware Spreading: All You Need to Know

Malware Propagation On Darknet Forums

Stephanie Adlam, Jun 21, 2023, 8 min read

The forums on the dark web are well known for being a hub of cybercriminal activity, including an auction system. Here, bad actors can trade tips on hacking, share samples of malware, and demonstrate how to exploit vulnerabilities. For those who develop malware, Darknet communication platforms, specifically forums, have become a perfect marketing platform. The developers of questionable or dual-purpose software appreciate such a law-free place as well. Here, I’ve picked 6 malware samples that are actively promoted on the Darknet. EvilExtractor…

Cloud Mining Scams Spread Roamer, the Android banking trojan

Cloud Mining Scams Spread Banking Trojans

Stephanie Adlam, Jun 16, 2023, 4 min read

It’s no secret that cybercriminals have increasingly been using mobile platforms as an attack vector lately. One example is a new Android malware. It spreads through fake cloud mining services and targets cryptocurrency wallets and online banking apps. Analysts dubbed this banking trojan Roamer, though hackers may use other malware for such attacks. What are we talking about? The era of hype around crypto-mining is over, and the shortage of video cards and mining farms is a thing…

Windows Key Code Is Not Valid - What Is This Page?

What is “Windows Key Code Is Not Valid And Seems Pirated”?

Stephanie Adlam, Jun 7, 2023, 6 min read

Windows Key Code Is Not Valid And Seems Pirated appears to be a new scare-based scam approach used to trick Windows users. Banners with this prompt may appear out of nowhere and can really frighten inexperienced users. Let me explain what this banner is about, whether you actually have a problem, and how to avoid such notifications in future. Windows Key Code Is Not Valid And Seems Pirated – Is that true? First and foremost – no.…

Business Email Compromise Attacks Explained

What is Business Email Compromise (BEC) Attack?

Stephanie Adlam, Jun 1, 2023, 8 min read

A business email compromise attack, or BEC for short, is a relatively new vector of cyberattacks. While its primary damage comes from exposing potentially sensitive information, it also allows hackers to use the compromised email account for further attacks. The potential effectiveness of these attacks is alarming, and cyber criminals already apply them to conduct chain attacks. Let’s figure out a precise business email compromise definition, how these attacks work, and how to counteract them. What is a business email compromise? The term business email compromise mostly…

MDBotnet Extensively Used in DDoS Attacks

New MDBotnet Malware Rapidly Expands a DDoS Network

Stephanie Adlam, May 30, 2023, 6 min read

MDBotnet is a new malware strain that appears to be the backbone of a botnet used in DDoS-as-a-Service attacks. Being a backdoor biased towards networking commands, it appears to be another sample of Russian malware. Analysts already report IPs related to this botnet being used in DDoS attacks. Let’s see why it is so special and how you can avoid trouble with MDBotnet. MDBotnet Malware Description Darknet posts that offer DDoS attack services are nothing unusual.…

Godaddy Refund Phishing Scam

GoDaddy Refund Phishing Emails Spread Infostealer

Stephanie Adlam, May 26, 2023, 5 min read

Hackers started using GoDaddy refund emails as a disguise to trick users into installing malware. In order to deploy the payload, they opted for a fairly new tactic or, rather, a combination of tactics. The payload is Invicta Stealer, a unique free open-source stealer. GoDaddy Refund Email Phishing Being a widely popular web hosting provider, GoDaddy obviously has a line of different options for money chargebacks. Some people are not happy with how the service works, some people want…

What is Ducktail malware and how to avoid it?

Ducktail Infostealer Malware Targeting Facebook Business Accounts

Stephanie Adlam, May 19, 2023, 6 min read

Researchers discovered Ducktail malware, which targets individuals and organizations on the Facebook Business/Ads platform. The malware steals browser cookies and uses authenticated Facebook sessions to access the victim’s account. As a result, the scammers gain access to Facebook Business through the victim’s account, provided it has sufficient privileges to do so. This is particularly interesting behavior, as most stealer malware aims at cryptocurrency-related data, or even all data types at once. What is Ducktail Malware? Ducktail is malware built on…

RedLine Stealer is Off to a Low Start

RedLine Stealer Issues 100,000 Samples – What is Happening?

Stephanie Adlam, May 15, 2023, 5 min read

Throughout early May 2023, the GridinSoft analyst team observed anomalous activity from the RedLine stealer. It is, in fact, activity different from what we were used to seeing. Over 100,000 samples of this malware appeared in the first 12 days of the month, which is too much even for more widespread threats. Needless to say, for stealer malware such a massive outbreak is confusing, to say the least. What is RedLine malware? First, let me remind you what RedLine…

Fake Windows Update in Browser Delivers Aurora Stealer

Stephanie Adlam, May 11, 2023, 7 min read

Fake Windows Update has once again become a malware distribution method. Updates are a pretty routine part of the Windows user experience. Over the last 7 years, Windows users have mostly been used to seeing the familiar update icon in the tray. Inexperienced people, however, do not know the mechanics of Windows Update, and can be trapped by the disguise of a “legitimate” and “trusted” update. Crooks who spread Aurora spyware seemingly opted for that approach in spreading their malware. Fake Windows Updates…