Gridinsoft Security Lab

Defending Against Whaling Phishing Attacks

What is Whaling Phishing and How To Recognize and Avoid It?

Stephanie Adlam, Sep 18, 2023, 5 min read

Malicious actors know that executives and high-level employees, such as public spokespersons, are familiar with common spam tactics. Because of their public profiles, these people may have undergone extensive security awareness training, and the security team may have put stricter policies and more advanced tools in place to safeguard them. As a result, attackers targeting these individuals are forced to move beyond conventional phishing and employ more sophisticated, targeted methods such as whaling phishing. What is Phishing? Phishing is a malicious practice…

W3LL attacks Microsoft 365 accounts, bypassing MFA

W3LL Targets Microsoft 365 Accounts with Sophisticated Phishing Kit

Stephanie Adlam, Sep 8, 2023, 9 min read

In the ever-evolving landscape of cyber threats, crooks continually find new and inventive ways to exploit vulnerabilities and target valuable assets. One such threat that has recently drawn significant attention is “W3LL.” Below, we explain what it is, what it is known for, and how it kept its business running for over 6 years without attracting the attention of law enforcement agencies. W3LL attacks Microsoft 365 accounts, bypassing MFA A not-so-new but little-known attacker group called “W3LL”…

HiatusRAT Analysis & Recent Attack Description

HiatusRAT Used in Attacks on Taiwan Companies and U.S. Military

Stephanie Adlam, Aug 22, 2023, 7 min read

Recent attacks on US military systems and Taiwanese companies are notable not only for the bold choice of targets but also for the toolkit used. Against both targets, the attackers used HiatusRAT as an initial access and reconnaissance tool. Beyond these attacks, the Hiatus trojan has other things to its name. US DoD and Taiwan Companies Cyberattacks First, let’s go over the attacks on these well-known organisations and companies. The long-running cyberattack on Taiwanese companies and at least…

Ways to Detect, Mitigate and Prevent Infostealer Malware

Infostealers: How to Detect, Remove and Prevent them?

Stephanie Adlam, Jul 28, 2023, 7 min read

The flow of information is crucial in today’s world, and it is just as valuable to cybercriminals. They target the personal data stored on your device with infostealer malware, putting your information at risk. Experts have noted a significant rise in the spread of information-stealing malware, also known as infostealers or stealers. In Q1 2023, the number of incidents more than doubled, a concerning trend that threatens organizations worldwide. What is an Infostealer? An infostealer is malicious software that collects information on…

FIN8 created a new Backdoor to inject Noberus Ransomware

FIN8 Updated Sardonic Backdoor to Deliver Noberus Ransomware

Stephanie Adlam, Jul 21, 2023, 5 min read

FIN8, an infamous cybercriminal group, has updated its backdoor malware to avoid detection. The group has reworked the backdoor and now uses it to drop the Noberus ransomware. This threat actor has returned after a period of inactivity, using a modified version of its Sardonic backdoor to distribute Noberus. This fits the group’s usual pattern of constantly changing and refining its malware arsenal. Who are FIN8 a.k.a “Syssphinx”? There is a financially motivated cybercrime group known as FIN8…

Meduza Stealer Analysis in 2023

Meduza Stealer: What Is It & How Does It Work?

Stephanie Adlam, Jul 19, 2023, 14 min read

The malware world evolves constantly, and it would be reckless to ignore newcomers and their potential. Meduza Stealer appears to be a rather potent stealer variant with its own unique features and marketing model. Moreover, this malware may be considered the first of a new malware generation, one that breaks the old geolocation-filtering rules. What is Meduza Stealer? Meduza is an all-encompassing infostealer that, at a glance, looks somewhat similar to the old guard. However, well-known things such as Redline or…

Wise Remote Stealer

Wise Remote Trojan: Infostealer, RAT, DDoS Bot, and Ransomware

Vladimir Krasnogolovy, Jul 10, 2023, 4 min read

Wise Remote Stealer is a potent piece of malware that operates as an infostealer, Remote Access Trojan (RAT), DDoS bot, and ransomware. It has gained notoriety within the cybersecurity community for its extensive range of capabilities and the threat it poses to individuals and organizations. Unveiling the Wise Remote Stealer Revelations from cybersecurity experts have shed light on a concerning development in the underbelly of the internet: a burgeoning menace known as “Wise Remote”. This pernicious malware, operating as a…

Proxyjacking - A New Tactic Of Old Hackers

Proxyjacking: The Latest Cybercriminal Invention In Action

Stephanie Adlam, Jul 7, 2023, 7 min read

In today’s constantly changing world of cyber threats, attackers always look for new ways to make more profit with less effort. Recently, researchers found an example of this and called it proxyjacking for profit. What is proxyjacking? Proxyjacking is an attacker’s illegal use of a victim’s bandwidth for their own gain. The closest related technique is cryptojacking, in which an attacker illegally uses the victim’s computing power to mine cryptocurrency. There is nothing new under the…

New PlugX malware attacks target European diplomats

PlugX malware attacks European diplomats

Stephanie Adlam, Jul 6, 2023, 4 min read

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is part of a broader trend of China-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign are Central and Eastern European states such as Slovakia, the Czech Republic, and Hungary. The key goal of these attacks is likely to obtain sensitive information about…

RedEnergy – Ransomware or Infostealer?

RedEnergy Stealer-as-a-Ransomware On The Rise

Stephanie Adlam, Jul 4, 2023, 5 min read

Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware and is not affiliated with the Australian company Red Energy. The RedEnergy stealer uses a sneaky tactic to steal sensitive data from various web browsers. Its primary distribution method is fake updates: pop-ups and banners that bait the user into installing what looks like a legitimate update but is in fact the malicious payload. RedEnergy also has multiple modules that can carry out ransomware activities. Despite using…

Darknet Forums and Malware Spreading: All You Need to Know

Malware Propagation On Darknet Forums

Stephanie Adlam, Jun 21, 2023, 8 min read

The forums on the dark web are well known as a hub of cybercriminal activity, complete with an auction system. Here, bad actors trade hacking tips, share malware samples, and demonstrate how to exploit vulnerabilities. For those who develop malware, Darknet communication platforms, forums in particular, have become a perfect marketing channel. Developers of questionable or dual-purpose software appreciate such a lawless place as well. Here, I’ve picked 6 malware samples that are actively promoted on the Darknet. EvilExtractor…

Cloud Mining Scams Spread Roamer, the Android banking trojan

Cloud Mining Scams Spread Banking Trojans

Stephanie Adlam, Jun 16, 2023, 4 min read

It’s no secret that cybercriminals have increasingly been using mobile platforms as an attack vector lately. One example is a new Android malware that spreads through fake cloud-mining services and targets cryptocurrency wallets and online banking apps. Analysts dubbed this banking trojan Roamer, though hackers may use other malware in such attacks. What are we talking about? The era of hype around crypto-mining is over, and the shortage of video cards and mining farms is a thing…