Gridinsoft Security Lab
Jellyfish Loader Malware Discovered, Threatens 2024 Olympics
A new threat has been discovered in the form of a Windows shortcut that is actually a .NET-based shellcode downloader called Jellyfish Loader. It has some strange features that may signify that it is still at the development stage. Nonetheless, this malware is capable of deploying other malicious software in a variety of ways. Jellyfish Loader Malware Overview Researchers from Cyble have discovered a new Jellyfish Loader threat that stands out from other threats. The malicious file appears to originate…
Trojan:Script/Downloader!MSR
Trojan:Script/Downloader!MSR is a malicious script that downloads other malware onto the target system. It is most commonly spread through illegal software and fake documents, and is capable of deploying pretty much any malicious program. Due to its complexity and use of obfuscation, the actual malicious script may remain undetected, while Defender will display a powershell.exe file as affected. Trojan:Script/Downloader!MSR Overview Trojan:Script/Downloader!MSR is a heuristic detection in Microsoft Defender that flags a small malware-downloading script. Unlike a full-fledged…
Trojan:Win32/Bearfoos.B!ml
Trojan:Win32/Bearfoos.B!ml is a detection of Microsoft Defender associated with data-stealing malware. It may flag this malware due to specific behavior patterns, assigning that name even to malicious programs of well-known families. As Defender uses machine learning for this detection, it can sometimes be a false positive. Trojan:Win32/Bearfoos.B!ml Overview Trojan:Win32/Bearfoos.B!ml is a detection of Microsoft Defender's AI system for infostealer malware and spyware. Typically, the malware this detection flags belongs to a broader family, but may as well…
Trojan:Win32/Malgent!MSR
Trojan:Win32/Malgent!MSR detection has recently become widespread on Windows systems. It usually flags a real threat, particularly a dropper or a backdoor, which aim at delivering other malware to the system. However, these detections may be false positives, with certain types of programs often being detected for no obvious reason. Despite the possibility of it being a false detection, I strongly urge you to take all the recommended precautions. It is hard to detect stealthy malicious software with your naked…
Polymorphic vs Metamorphic Virus
Polymorphic and Metamorphic Malware: the Comparison In this article, we consider two types of pests: polymorphic and metamorphic viruses, which were designed to destroy the integrity of the operating system and harm the user. Before we find out what the difference between polymorphic and metamorphic viruses is, let’s figure out what a virus is in general and where it originates. A virus is a type of malware that aims to infect the victim’s device, break its integrity and distribute its copies for…
Stopabit Virus
Stopabit is an unwanted application that has almost no useful functionality. Users may see it promoted as a useful tool for screen time control, but in fact it aims at exploiting the bandwidth. This may lead to connectivity issues and illicit traffic being routed through the system. Such applications are commonly distributed through software bundling. This means installation along with pirated software, game mods and similar software from questionable sources. Stopabit Virus Overview Stopabit is a malicious software that manifests…
Weather Zero
Weather Zero is a dropper-like unwanted program that disguises itself as a weather widget for Windows. It spreads as potentially unwanted software via bundling, and can deliver malware to the target system. Its innocent looks make a lot of people ignore it or believe it is completely harmless, and thus they are in no hurry to remove it. Let me explain its dangers in detail and show how to remove the unwanted program from the system. Weather Zero Overview Weather…
Bloom.exe
Bloom.exe is a malicious miner that masquerades as a legitimate process. Its job is to use the victim’s device to mine cryptocurrency for threat actors. The most visible sign of its presence, aside from the process in the Task Manager, is the enormously high CPU load that it causes. This effectively renders your system unusable, causing stutters and even crashes. Bloom.exe Miner Overview Bloom.exe is a process created by coin miner malware. This class of malware exploits the hardware…
PUA:Win32/Packunwan
PUA:Win32/Packunwan is a generic detection of a potentially unwanted program that uses software packing. It can range from being merely annoying to posing a severe threat to system safety, and the degree of damage to the system will vary accordingly. Usually, these unwanted programs are distributed as “recommended software” in freeware, shareware or cracked installers. The name “Packunwan” stands for an unwanted program that uses packing, which makes analysis more complicated. Programs detected with this name are almost…
Trojan:Win32/Casdet!rfn
Trojan:Win32/Casdet!rfn is a detection that indicates the possible presence of malware on your system. Users may encounter this detection after using pirated software or opening suspicious email attachments. In certain cases, Casdet may be a false positive detection. Casdet is a severe threat mainly used for reconnaissance and delivering other payloads to the device. It also collects some data about the system but can be modified for different tasks, such as direct information theft. Trojan:Win32/Casdet!rfn Overview Trojan:Win32/Casdet!rfn is a detection…
Trojan:Win32/Tnega!MSR
Trojan:Win32/Tnega!MSR is a malicious program whose purpose is to deliver other malware. It uses numerous anti-detection tricks and is often distributed as mods and cheats for popular games. Such threats are capable of delivering spyware, ransomware and pretty much any other malware. Trojan:Win32/Tnega!MSR Overview Trojan:Win32/Tnega!MSR is a Microsoft Defender detection that refers to malware acting as a downloader. As the name suggests, such malware’s main task is to deliver additional malicious components, i.e., the payload, to the infected device. It may…
PUADlmanager:Win32/InstallCore
PUADlmanager:Win32/InstallCore is a detection that Windows Defender antivirus uses to flag potentially unwanted programs (PUA). It is malware that poses a serious threat to Windows users. Unlike simple unwanted programs, InstallCore combines the functions of a downloader and an installer, automatically distributing many unwanted applications and potentially dangerous programs to infected devices. Win32/InstallCore may not look like a serious threat, but the effects of its activity are not pleasant either. Unwanted programs, adware, junk apps – this PUA is not…