SUPERLOCK is a ransomware infection that aims at blocking access to the files and demanding a payment for getting them back. Users can distinguish the encrypted files by the additional .superlock extension and a lengthy ID code appended to their names. As a result, the file originally named document.docx starts looking like document.docx.80E6332B3C8DN14401.superlock. This malware is […]
Brad Garlinghouse Crypto Giveaway is a scam campaign that masquerades as a cryptocurrency giveaway. It falsely claims to be organized by Ripple Foundation with Brad Garlinghouse, Ripple’s CEO, as the face of the event. It uses a sense of urgency and the allure of receiving free XRP tokens to deceive victims into clicking on fraudulent […]
Shougnoboassi.net is a website that you may notice appearing in your web browser. It shows a human verification button, and upon interaction redirects the user to a questionable website. In fact, this site is related to malicious activity, and in this post, I will explain how to stop it. What is Shougnoboassi.net? Shougnoboassi.net is a […]
Skyjem.com is a questionable search engine that you may see appearing in the browser for no obvious reason. Its search results are questionable and heavily infused with advertisements and links to shady pages. Here’s a breakdown of what this site is, how it ends up on your system, and what measures you can take to […]
“Ledger Recovery Phrase Verification” is a scam email that targets non-vigilant users. Its goal is to trick users into writing down their recovery phrase on a fake Ledger website. “Ledger Recovery Phrase Verification” email scam overview The email titled “Ledger Recovery Phrase Verification” is a deceptive phishing attempt targeting cryptocurrency users, specifically those with Ledger […]
Trojan:PDF/Phish.A is a detection of a PDF file that potentially carries a malicious link or script designed to harm the system. This embedded malicious script may download additional malware onto the target system, or cause other kinds of disruptions. Let me give a quick overview of the detection and show how to remove it. What is Trojan:PDF/Phish.A detection? Trojan:PDF/Phish.A […]
Trojan:PowerShell/Malscript!MSR refers to a detection linked to malicious script activity. This type of malware typically exploits the system console interface to download and run full-fledged malicious programs. Let me quickly explain what this detection is about, and show you how to remove it. What does the Trojan:PowerShell/Malscript!MSR detection mean? Trojan:PowerShell/Malscript!MSR is a heuristic detection for […]
TrojanDownloader:HTML/Elshutilo is script-based malware designed to download additional payloads onto the target system. Since detection is based on threat behavior rather than a signature, it can sometimes result in false positives. Let me explain the meaning of the detection, all the dangers related to it, and the way to remove it from the system. TrojanDownloader:HTML/Elshutilo […]
Opera GX is a special version of the Opera browser with extra features tailored for gamers. However, malicious, weaponized versions of the browser are circulating online, transforming this legitimate browser into a makeshift malware. In this post, I’ll explain how to tell the original Opera GX apart from modified versions and why these “alternative builds” […]
The Aruba.it email scam is a phishing campaign using fake emails that appear to be from Aruba S.p.A., a well-known Italian company providing domain and web hosting services. Scammers aim to deceive recipients by posing as Aruba and requesting urgent action, such as domain renewal, on a fake website that mimics the official aruba.it page. […]
The *Arma dei Carabinieri* message is a banner that may appear on your PC, attempting to mimic notifications from Italy’s national gendarmerie. Cybercriminals use their name and authority to convince users from Italy to pay a non-existent fine to unlock their computers. In this post, I will describe the principle of how this malware works […]
Trojan:Win32/Offloader.EA!MTB is malware designed to establish unauthorized access to a target system or deliver a payload of additional malware. This detection is sometimes associated with uTorrent installers, and in such cases, it is more likely a false positive. Let me describe each of these cases and explain how to remove the actual threat. Trojan:Win32/Offloader.EA!MTB Overview […]