Threat research notebook
Fresh malware notes, phishing samples, scam redirects, ransomware observations, and field reports from Gridinsoft research. No gallery, no filler: date, case, finding, next read.
297 lab recordsThe FBI Denver Field Office has warned about a growing scam involving free online file converter tools, which appears to be a significant cybersecurity concern. These tools, while converting files as advertised, often distribute...
Trojan:Win64/RustyStealer.DSK!MTB is a sophisticated malware designed to infiltrate 64-bit Windows systems, primarily focusing on stealing sensitive...
TrojanProxy:Win32/Acapaladat.B is a type of malware that hides in free, unauthorized VPN applications, turning infected computers...
OneStart is a rogue program that is presented as a Chromium-based browser with AI features, such...
Should you remove EpiBrowser? You should remove EpiBrowser or EpiStart if it appeared without clear consent, replaced your default browser, redirected searches, or came...
The release of DeepSeek AI chatbot gave a push for an enormous number of DeepSeek scams that trick users in a variety of shady...
Windows Defender Security Center scam pop-ups imitate Microsoft alerts and push fake support calls. Learn how to close the page, remove notification spam, and...
Jupiter Airdrop scam is an alleged crypto-airdrop campaign that promises free crypto tokens, yet in return only empties users’ crypto wallets. Parasiting on the...
Sync.clearnview.com alerts usually point to a browser redirect, notification, extension, or adware issue. Learn the safe cleanup order.
AlrustiqApp.exe, also shown as Alrustiq Service, can indicate a miner-like unwanted app. Learn what to check in Task Manager, Services, Startup Apps, and how...
Nnice ransomware is a malware strain that aims at encrypting user files and demanding ransom payment for their decryption. Detected on January 14, 2025,...
Unsecapp.exe is usually a safe Windows WMI process. Learn the correct System32 wbem path, warning signs of fake copies, high CPU checks, and cleanup...
Contacto virus is a newly identified ransomware strain that encrypts victims’ files and demands a ransom for their decryption. We identified this sample on...
Defender found Trojan:JS/FakeUpdate.HNAP!MTB? Learn when it is a browser or OBS cache alert, when it is real FakeUpdates malware, and how to clean it...
RDPLocker is a virus that encrypts the files and demands for a ransom payment for their decryption. It was first detected on malware analysis...
Softonic is legit, but not every Softonic download or APK is safe. Check reviews, ads, wrappers, permissions, and scan results before installing.
Audiodg.exe is the Windows Audio Device Graph Isolation process. It is a legitimate Microsoft component that lets Windows run audio effects, enhancements, spatial sound,...
AI deepnude sites can expose photos, accounts, payments, installs, and consent-sensitive images. Check privacy, scam, malware, and reporting risks before uploading anything.
MicrosoftHost.exe is a malicious process that the malware creates to disguise itself as a benign process. Users may witness high CPU load coming from...
AlienWare is a type of ransomware designed to lock your files and hold them hostage until you pay up. It’s sneaky and frustrating, leaving...
