Gridinsoft Security Lab

Business Email Compromise Attacks Explained

What is Business Email Compromise (BEC) Attack?

Stephanie AdlamJun 1, 20238 min read

Business email compromise attack, or shortly BEC, is a relatively new vector of cyberattacks. Dealing primary damage by exposing potentially…

What Ducktail malware and how to avoid it?

Ducktail Malware Aims At Browser Data | Ducktail Analysis

Stephanie AdlamMay 19, 20236 min read

Researchers discovered Ducktail Malware, which targets individuals and organizations on the Facebook Business/Ads platform. The malware steals browser cookies and uses authenticated Facebook sessions to access the victim’s account. As a result, the scammers gain access to Facebook Business through the victim’s account, which has sufficient access to do so. It is a particularly interesting behaviour, as most of stealer malware aims at cryptocurrency-related data, or even all data types at once. What is Ducktail Malware? Ducktail is malware built…

Stealer Malware You Should Know and Be Aware Of

Top 3 Stealer Malware to Be Aware Of in 2023

Stephanie AdlamMay 17, 20237 min read

Cybercrime world changes rapidly – both by expanding, collapsing, evolving extensively and intensively. One of the most massive malware types in the modern threat landscape – information stealers – appears to enter a new stage of development. Though its major names remain the same, some new malware families with promising features popped out. Let’s have a peek at all of them and see what to expect. Stealer Malware Market in 2023 Infostealer malware gained more and more popularity during the…

RedLine Stealer is Off to a Low Start

RedLine Stealer Issues 100,000 Samples – What is Happening?

Stephanie AdlamMay 15, 20235 min read

Throughout the entire early May 2023, GridinSoft analysts team observes an anomalous activity of RedLine stealer. It is, actually, an activity different from what we used to know. Over 100,000 samples of this malware appeared through the first 12 days of the month – that is too much even for more massive threats. Needless to say that for stealer malware such a massive outbreak is confusing, to say the least. What is RedLine malware? First, let me remind you what…

Aurora Stealer Spreads via Fake Windows Update

Fake Windows Update in Browser Deliver Aurora Stealer

Stephanie AdlamMay 11, 20237 min read

Fake Windows Update became a malware spreading way once again. Updates are a pretty routine part of the Windows user experience. Over the last 7 years, Windows users mostly used to see the familiar update icon in the tray. Inexperienced people, however, do not know the mechanics of Windows update, and can be trapped with the disguise of a “legitimate” and “trusted” update. Crooks who spread Aurora spyware seemingly opted for that approach in spreading their malware. Fake Windows Updates…

LOBSHOT Cryptostealer Offers Advanced Capabilities

LOBSHOT malware steals cryptowallets, exploits Google Ads

Stephanie AdlamMay 3, 202310 min read

LOBSHOT, a recently-detected malware family, appears to be a new strong player in the malware market. Carrying a combination of backdoor and spyware functionality, it uses novice spreading ways that make it more effective. Its ability to provide Hidden VNC connections may be a go-to point for numerous cybercriminals. Let’s analyse this malware and see, is it really that dangerous and how to counteract it. Short overview LOBSHOT is a novice malware debuted around mid-2022. By its capabilities, it is…

Domino Uses Parts of Lizar Malware, Delivered by Dave Loader

Domino Backdoor is Lead by FIN7 and Conti Actors

Stephanie AdlamApr 15, 20239 min read

A new Domino Backdoor popped out at the beginning of 2023. Since February, a new malware family coined Domino is used for attack on corporations, having Project Nemesis stealer as a final payload. Analysts say that the new backdoor is controlled and developed by ex-TrickBot/Conti actors and hackers related to the FIN7 group. Who are Conti and FIN7? First of all, let’s explain why the presence of actors from FIN7 and the ceased Conti gang is so noteworthy. FIN7 is…

Rorschach Ransomware Is Probably A New Favourite

Rorschach Ransomware Analysis

Stephanie AdlamApr 6, 20239 min read

Recent research from the CheckPoint Research team revealed a new ransomware sample that can potentially beat all samples currently present on the market. They coined it Rorschach, and already say that its unique properties can make it dominant ransomware pretty quickly. We told about this malware in a recent news post, and now it’s time for a more detailed analysis. Rorschach Ransomware Uses DLL Sideloading One of the most unusual properties of a new ransomware sample is the way it…

BlackGuard Stealer Extends Crypto Stealing Functionality

BlackGuard Receives Update, Targets More Cryptowallets

Stephanie AdlamMar 24, 20236 min read

BlackGuard, a prolific infostealer malware, received an update at the edge of 2023. The new update introduced advanced data-stealing capabilities and secure connectivity features. The new version also includes a row of new anti-detection and anti-analysis capabilities. Let’s have a more detailed look into this malware and see the difference from all aspects. BlackGuard Stealer – What is it? BlackGuard is a classic infostealer malware, programmed in C#. It aims at grabbing personal data from web browsers, particularly seeking data…

Social engineering attacks and Cybersecurity

Most Common Types of Social Engineering Attacks

Stephanie AdlamOct 4, 20225 min read

Intruders are developing more and more methods to get what they want. Social engineering is one of the most common methods through which fraudsters manage to deceive the user, manipulate him, and instill his fear and urgency. Once the victim is emotional, the fraudsters begin to cloud her judgment. Any human error is a vulnerability that makes social engineering work. This article will present the top most common types of social engineering. Along with it, you’ll see the guidance on…

Fargo Ransomware Microsoft SQL servers

Fargo Ransomware aims at vulnerable Microsoft SQL servers

Stephanie AdlamOct 3, 20225 min read

Ransomware rarely chooses the sole type of targets for their attacks. They roam from attacks on small coffee shops to strikes on governmental organisations, with the corresponding adaptations to their software. However, all classic handbooks about offensive operations state that it is important to find a vulnerability of a target and exploit it. Such a tactic became an option for Fargo ransomware – or, as it was known earlier, Mallox or TargetCompany1.…


Reverse Proxy vs Proxy

Stephanie AdlamJul 29, 20226 min read

What is a Reverse Proxy? A reverse proxy is the same server but is in front of a web server. Depending on its configuration, it allows or refuses the external connection to reach the endpoint. Reverse proxies are used to improve security, performance, and reliability. To understand how a reverse proxy works and what benefits it can provide, let’s first remember what a reverse proxy server is. What is a reverse proxy? Proxy Server Meaning A…

False Positive Gridinsoft

How to Report a False Positive Detection?

Polina LisovskayaJul 12, 20223 min read

Gridinsoft is an antivirus software company that provides powerful solutions for detecting and removing malware from computers. However, sometimes our software may generate false positive detections, which can be frustrating for users. If you believe that we have wrongly detected a legitimate file as malware, you can report the false positive detection to us. Here are the steps to follow:

🚩 Automatical False Positive Submission Before the removal process, if you select the action "Ignore Always" for the file we…

  1. Earlier notes about this group under a different name.