Threat research notebook
Fresh malware notes, phishing samples, scam redirects, ransomware observations, and field reports from Gridinsoft research. No gallery, no filler: date, case, finding, next read.
297 lab recordsFraud teams have been passing around the same kind of screenshot lately: a passport-style fake ID produced by an AI image generator. The output looks clean enough to fool a quick glance - readable...
Just when you thought cybercriminals couldn't get more creative, they've found a way to weaponize our...
Defender found Trojan:Win32/Leonem or Leonem!rfn? Treat it as password-stealing spyware, quarantine it, scan persistence, and secure...
Octalyn Stealer is an information-stealing malware that's currently being promoted on GitHub - because apparently, even...
Trojan:Win32/Kepavll!rfn is a Defender alert. Check the file path, source, signature, repeat alerts, and safe restore/removal steps.
For Minecraft Gamers: MaxCoffe masquerading as a Minecraft performance enhancer! MaksStealer is an information-stealing trojan targeting Minecraft players, especially those on the popular Hypixel...
What is Almoristics Application? Almoristics Application is not a normal Windows component. Users usually investigate it because CPU usage, fan noise, or background processes...
Fake account verification scams push users to confirm passwords, codes, payment details, or identity data through phishing links. Learn how to verify alerts safely...
The "0.31 BTC Xprobit ELON31 Promo code" promising 0.31 BTC is a scam, designed to deceive users into depositing funds they cannot withdraw. Xprobit.com,...
“Someone Entered Correct Password For Your Account” is a phishing email scam. The message pretends to be a security alert and says someone used...
PE32 Ransomware is a recently discovered malware strain that encrypts your files and asks for payment to unlock them. Victims can recognize the files...
AggregatorHost.exe is usually safe when it is Microsoft-signed in System32. Learn how to check the path, signature, high CPU, file locks, and malware imposters.
Learn which infostealer malware families matter in 2026, how stealer logs expose passwords, cookies, and wallets, and what to do after infection.
Defender found Virus:Win64/Expiro.DD!MTB or Virus:Win32/Expiro? Learn how to scan drives, back up safe files, remove leftovers, and when to clean reinstall.
Slopsquatting is a new type of cyber threat that takes advantage of mistakes made by AI coding tools, particularly LLMs that can "hallucinate". In...
SnapeDex.com claims to be a cryptocurrency exchange offering free Bitcoin, but there are significant concerns about its legitimacy. However, this site is designed to...
Defender found Trojan:Win32/Wacatac? Learn what Wacatac means, when it may be a false positive, what to check first, and how to remove recurring alerts...
D0glun Ransomware: Technical Analysis and Protection Guide D0glun ransomware emerged in January 2025 as a new crypto-ransomware variant with direct links to the Babuk...
GorillaBot is a sophisticated botnet malware that has been making headlines for its aggressive DDoS attacks. Building on the infamous Mirai botnet framework, this...
Gotexcoin appears to be a fraudulent cryptocurrency platform that lures users with promises of free Bitcoin, specifically 0.31 BTC XLord promo code, often linked...
