Threat research notebook
Fresh malware notes, phishing samples, scam redirects, ransomware observations, and field reports from Gridinsoft research. No gallery, no filler: date, case, finding, next read.
291 lab recordsA new threat has been discovered in the form of a Windows shortcut that is actually a .NET-based shellcode downloader called Jellyfish Loader. It has some strange features that may signify that it is...
Polymorphic malware changes its encrypted wrapper; metamorphic malware rewrites its code. Learn the difference, detection signs,...
Instagram hacking scams is an old-new direction of online fraud that targets people who want to...
Stopabit is an unwanted application that has almost no useful functionality. Users can see its promotions...
Weather Zero is an unwanted weather-style app that may show ads, redirects, or browser notification spam. Here is how to remove it and clean...
Bloom.exe is a malicious miner that masquerades as a legitimate process. Its job is to use the victim's device to mine cryptocurrency for con...
Trojan:Win32/Tnega!MSR is commonly searched as a Defender Trojan alert, but Microsoft’s public threat entry currently describes HackTool:Win32/Tnega!MSR. Either way, treat the detection as unsafe:...
PUADlManager:Win32/InstallCore is a bundler/downloader detection. Remove the parent installer, related offers, browser changes, and leftover tasks.
PUA:Win32/Caypnamer.A!ml is a Microsoft Defender detection that should be judged by the affected file path, source, signature, and behavior, not by the name alone....
Virus:Win32/Floxif.H is a severe Microsoft Defender file-infector alert. Learn how to remove it, rescan safely, and handle infected files or backups.
Virus:Win32/Grenam.VA!MSR is a serious Microsoft Defender virus alert, not a normal PUA warning. Grenam-family malware is associated with file infection behavior, meaning it can...
PUA:Win32/Presenoker is a Microsoft Defender detection for a potentially unwanted application, not a single fixed virus family. Treat it as unsafe unless you clearly...
Trojan:Win32/Znyonm is a detection often seen during the backdoor malware activity in the background. Such malware can escalate privileges, enable remote access, or deploy...
The "Internet Is A Dangerous Place" scam is a novel type of threatening email message that targets people with threats of intimidation and exposure....
Cybercriminals appear to exploit Binance smart contracts as intermediary C2, preferring them over more classic hostings for them being impossible to take down. It...
PUADlManager:Win32/OfferCore is a Defender detection for an installer or downloader that can deliver bundled unwanted apps and browser changes.
PUA:Win32/Vigua.A usually points to unwanted optimizers, scareware, or bundled tools. Remove the app, browser changes, and scheduled tasks.
sihost.exe, or Shell Infrastructure Host, is a legitimate Windows process that helps run the desktop shell: Start menu, taskbar, notifications, background visuals, and other...
Antivirus engine of MaxSecure, a well-known cybersecurity vendor, currently shows massive amounts of false positive detection with the name Win.MxResIcn.Heur.Gen. It touches numerous legitimate...
The toolkit of cybersecurity specialists in companies does not consist only of security tools. To imitate the intruders, they apply using the tools like...
