Tag: Malware
rsEngineSvc.exe Process: Reason Core Security Engine Service
RsEngineSvc.exe is an executable file associated with RAV Antivirus, a program developed by ReasonLabs. Although less dangerous than malware, it may be categorized as a PUP (Potentially Unwanted Program). This kind of software is usually bundled with other free applications and installed without the user’s knowledge, or distributed through deceptive advertising. Is Rsenginesvc.exe Virus? As…
AcroTray.exe
The Acrotray.exe process is one of the important components provided by Adobe Systems. This process is associated with Adobe Acrobat software and often starts automatically when the Windows operating system starts. However, not every user knows what this process is, what it is for and whether it is safe. Let’s do a complete technical analysis…
Malware vs Virus
It is common to hear people call the same thing malware or a virus. However, while the two terms are often used interchangeably, they carry distinct meanings. In this article, I will elucidate the definitions of each term and explain the differences between malware and viruses. Malware vs Virus – Is There Any Difference? The terms malware and…
Program:Win32/Uwamson.A!ml
Win32/Uwamson.A!ml is the name of a specific Microsoft Defender detection. This designation indicates that the suspicious program or file scanned by the antivirus has characteristics that are typical of viruses and other malware. However, it can often be a false positive detection. Let’s look at it in…
VirTool:Win32/DefenderTamperingRestore
VirTool:Win32/DefenderTamperingRestore is the name of the Microsoft Defender detection of a malicious element present in the system. Usually, it flags something that can weaken the system’s security and leave the device vulnerable to malware injection. Let’s find out how dangerous this is, and how to deal with it. Threats like VirTool are often the…
How to remove Trojan:Script/Wacatac.B!ml
Trojan Wacatac is an umbrella detection for a wide range of malicious software that shares functionality and code. In particular, the Wacatac name points to malware with dropper capabilities that are used to deliver ransomware. Trojan Wacatac Detection Trojan:Script/Wacatac.B!ml and Trojan:Win32/Wacatac.B!ml detection is one of the numerous detection names that Microsoft assigns to minor malware…
Infostealers Made With Electron On The Rise
AhnLab Security Intelligence Center (ASEC) has identified a new strain of infostealer malware created using the Electron framework. Electron apps are packaged in NSIS installer format, and the attacker used this format for the malware. Distribution of Infostealer Made With Electron ASEC has discovered a new malware strain with some unusual properties. It uses Electron, a popular…
GitHub and GitLab CDNs Abused to Spread Malware
Recent research into new spreading approaches used by one stealer malware family revealed a new way to abuse GitHub. Instead of creating repositories that contain malware files, hackers push the files they need through the issue reporting mechanism in the repository menu. This makes the malware look like a file from a legit repo, bypassing…
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes
The Microsoft security blog reports that the OpenMetadata platform has critical vulnerabilities that allow attackers to exploit Kubernetes workloads for crypto mining. Five vulnerabilities allow attackers to bypass authentication and achieve remote code execution. Microsoft recommends updating to OpenMetadata and employing robust authentication measures. OpenMetadata Vulnerabilities Threats Kubernetes Workloads, Actively Exploited According to the recent Microsoft…
Virus:Win32/Expiro
Virus:Win32/Expiro is a Microsoft Defender detection that refers to malware with backdoor capabilities. It allows attackers to control the compromised system, spy on it, install other malware, manipulate systems, and create botnets. This malware is distributed under the guise of legitimate software. Once the computer is infected, it can spread to other executable…