Threat research notebook
Fresh malware notes, phishing samples, scam redirects, ransomware observations, and field reports from Gridinsoft research. No gallery, no filler: date, case, finding, next read.
291 lab recordsSUPERLOCK is a ransomware infection that aims at blocking access to the files and demanding a payment for getting them back. Users can distinguish the encrypted files by them containing an additional .superlock extension,...
Trojan:PDF/Phish.A is detection of a PDF file which potentially carries a malicious link or script designed...
Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits...
TrojanDownloader:HTML/Elshutilo is script-based malware designed to download additional payloads onto the target system. Since detection is...
Opera GX is a legitimate Chromium-based browser made by Opera for gamers, but “safe” depends on what you mean. It is not malware when...
The Aruba.it email scam is a phishing campaign using fake emails that appear to be from Aruba S.p.A., a well-known Italian company providing domain...
The *Arma dei Carabinieri* message is a banner that may appear on your PC, attempting to mimic notifications from Italy's national gendarmerie. Cybercriminals use...
Trojan:Win32/Offloader.EA!MTB is malware designed to establish unauthorized access to a target system or deliver a payload of additional malware. This detection is sometimes associated...
While browsing the Web, you can at some point find yourself with an installer file for a program called UC Browser. This dubious program...
PUA:Win32/WebCompanion is a Defender detection for Adaware Web Companion or related bundled installs. Remove unwanted browser and system changes.
PUA:Win32/DNDownloader is a Microsoft Defender detection for a potentially unwanted downloader or bundled installer. It is not always a classic virus, but it can...
PUABundler:Win32/MediaGet is a Microsoft Defender detection for MediaGet-related bundled software. MediaGet is commonly associated with torrent/pirated-content workflows and may install extra components or unwanted...
PrimeLookup is a Chrome extension that may unexpectedly appear among your browser's add-ons, causing your search queries to be redirected. As a browser hijacker,...
ZoomFind is a Chrome extension that may unexpectedly appear among the others, causing the browser to redirect your search queries. It belongs to the...
The SwiftSeek is a browser extension that may unexpectedly appear among the others, causing the browser to redirect your search queries. It belongs to...
Trojan:Script/Obfuse!MSR is a generic detection of a malicious script that abuses command interpreters to execute commands or binaries. What distinguishes this threat from others...
Hkbsse.exe is a name of a process related to Amadey Dropper, that you can observe while browsing through the system. This malware delivers other...
Trojan:Win32/Stealer!MTB is a Microsoft Defender detection for malware that can steal passwords, browser cookies, tokens, cryptocurrency wallet data, screenshots, or other sensitive information. Treat...
Trojan:Win32/Commandrob.A!ml is a heuristic detection associated with suspicious network activity. It may refer to a wide range of malicious programs, or be a false...
Azurestaticapps.net is a selection of pages registered on genuine Microsoft hosting, that try scaring the user by false malware infection claims. In fact, it...
