Gridinsoft Security Lab

Trojan:Win32/Znyonm is a detection often seen during the backdoor malware activity in the background. Such malware can escalate privileges, enable remote access, or deploy more payloads. Let’s dive into this malicious program, understand how it works, and see how to remove it. What is Trojan:Win32/Znyonm? Trojan:Win32/Znyonm is a detection associated with backdoor malware, usually the one that uses deep obfuscation and anti-analysis techniques. In particular, this detection name appears with malware like GuLoader, Remcos RAT, and Pikabot. Others can also…

The “Internet Is A Dangerous Place” scam is a novel type of threatening email message that targets people with threats of intimidation and exposure. In this fraudulent email, the scammer claims to have obtained some compromising information and recordings. They further demand a ransom to prevent publishing the data to the public. Internet Is A Dangerous Place Scam Overview “Internet is a dangerous place”, or “Security status not satisfied” are both names of the same email scam campaign. It falls…

Cybercriminals appear to exploit Binance smart contracts as intermediary C2, preferring them over more classic hostings for them being impossible to take down. It is currently used to deploy infostealers, but potential application for such malignant purposes allows for working with pretty much any malware. Cybercriminals Use BSCs As C2 Infrastructure A new technique, coined EtherHiding, was described over half a year ago, in October 2023. Analysts noticed the shift in the networking patterns of a now-old scheme that tricks…

Trojan:Win32/Wacatac.H!ml is a detection of Microsoft Defender that may flag several different malware families. Once installed, it can deliver additional malicious payloads, manipulate system settings, and encrypt user data. On the other hand, it can sometimes be a false positive detection. Trojan:Win32/Wacatac.H!ml Overview Trojan:Win32/Wacatac.H!ml is a detection of Microsoft Defender that flags a wide range of malware, which share similar functionality. In particular, Wacatac.H!ml appears when there is a ransomware active in the system, or a dropper (loader) malware that…

PUA:Win32/Vigua.A is a universal detection name used by Microsoft Defender to detect potentially unwanted applications (PUAs). This is often associated with various system optimizers that have hidden functionality in addition to their stated functions. PUA:Win32/Vigua.A Overview PUA:Win32/Vigua.A is a generic detection associated with unwanted software positioned as a system optimizer. Usually, it falls under scareware definition – an app that finds many issues in the system and requires purchasing the full software version to fix them. Alternatively, such apps offer…

Sihost.exe is a crucial background process for Windows 11/10 that governs essential features like the context menu and action center. However, it can sometimes malfunction and disrupt system stability. In this article, we unravel the essence of Sihost.exe and equip you to eliminate troubles within your system. Sihost.exe – What is It? Windows has many background processes, each of which is responsible for something. The Sihost.exe process (Shell Infrastructure Host file) is a critical executable file that executes various system…

Antivirus engine of MaxSecure, a well-known cybersecurity vendor, currently shows massive amounts of false positive detection with the name Win.MxResIcn.Heur.Gen. It touches numerous legitimate and safe programs and is likely an outcome of the issues with the heuristic engine. The developer does not comment on the situation publicly, presumably communicating in support tickets. Win.MxResIcn.Heur.Gen Detection Flags Legit Programs The first public complaints about MaxSecure antivirus detecting safe programs as Win.MxResIcn.Heur.Gen appeared around June 14. A huge amount of similar reports…

A heuristic virus is a term for malicious programs detected by heuristic analysis. This method flags potential threats by looking for abnormal activities, such as unusual network connections, file modifications, and process behavior. While heuristic detection can identify previously unknown malware, it is prone to false positives. What is Heuristic Virus? A heuristic virus is a term that users commonly apply to malicious programs detected by heuristic detection systems. Antivirus software uses heuristic analysis to detect new, previously unknown viruses…

The Malware world evolves constantly, and it would be reckless to ignore newcomers and their potential. Meduza Stealer appears to be a pretty potent stealer variant with its unique features and marketing model. Additionally, this malware may be considered a firstling of a new malware generation – one which breaks old geolocation filtering rules. What is Meduza Stealer? Meduza is an all-encompassing infostealer, which is somewhat similar to the old guard at a glance. However, well-known things such as Redline…

The Cybercrime world changes rapidly – both by expanding, collapsing, and evolving extensively and intensively. One of the most massive malware types in the modern threat landscape – Infostealer Malware – appears to enter a new stage of development. Though its major names remain the same, some new malware families with promising features popped out. Let’s have a peek at all of them and see what to expect. Infostealer Malware Market in 2024 Infostealer malware gained more and more popularity…

SearchHost is a process responsible for indexing the Start menu and Explorer search files in Windows 10/11. It allows you to conveniently search for files on your computer by indexing their contents. However, this process can be spoofed by a coin miner or malware that uses its name to masquerade on your system. How to know if this process is a virus? And what should I do in the case of searchhost.exe high memory and GPU usage? Here is our…

Over the last four years, the share of script-based attacks of malware offenses worldwide has grown so drastically that it raised alerts among security specialists and ordinary users. In this post, we shall regard script-based malware, assess its strengths and weaknesses, explain how the attacks happen, and suggest measures to maintain security in your workgroup. What is Script Malicious Code? To understand how someone can run a script-based attack on a computer, we must know what scripts are. They are…