Gridinsoft Security Lab

Jellyfish Loader Malware Overview

Jellyfish Loader Malware Discovered, Threatens 2024 Olympics

Stephanie AdlamJul 21, 20245 min read

A new threat has been discovered in the form of a Windows shortcut that is actually a .NET-based shellcode downloader…

CVE-2023-36884 Microsoft Zero Day Vulnerability

Microsoft CVE-2023-36884 Vulnerability Exploited in the Wild

Stephanie AdlamMay 31, 20243 min read

On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office […]

wise remote stealer

Wise Remote Trojan: Infostealer, RAT, DDoS Bot, and Ransomware

Vladimir KrasnogolovyMay 30, 20244 min read

Wise Remote Stealer is a potent and malicious software that operates as an infostealer, Remote Access Trojan (RAT), DDoS bot, and ransomware. It has gained notoriety within the cybersecurity community due to its extensive range of capabilities and the threat it poses to individuals and organizations.ContentsUnveiling the Wise Remote StealerThe Stealthy Proliferation of Wise Remote […]

Proxyjacking - A New Tactic Of Old Hackers

Proxyjacking: The Latest Cybercriminal Invention In Action

Stephanie AdlamJul 7, 20237 min read

Today, in the constantly changing world of cyber threats, attackers always look for new ways to get more benefits with less effort. Recently, researchers found an example of this and called it proxyjacking for profit.ContentsWhat is proxyjacking?Diving into details1. Penetration2. Deploying3. File analysis4. Eliminating competitorsDistribution serverWhy do they do it?How to avoid proxyjacking? What is […]

New PlugX malware attacks target European diplomats

PlugX malware attacks European diplomats

Stephanie AdlamJul 6, 20234 min read

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is a more significant trend among Chinese-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign […]

RedEnergy – Ransomware or Infostealer?

RedEnergy Stealer-as-a-Ransomware On The Rise

Stephanie AdlamMay 30, 20245 min read

Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware but is not affiliated with the Australian company Red Energy.ContentsWhat is RedEnergy Malware?Threat SummaryHow does RedEnergy Malware work?How to avoid installation of RedEnergy Malware? A malware called RedEnergy stealer uses a sneaky tactic to steal sensitive data from different […]

Darknet Forums and Malware Spreading: All You Need to Know

Malware Propagation On Darknet Forums

Stephanie AdlamJun 21, 20238 min read

The forums on the dark web are well-known for being a hub of cybercriminal activity, including an auction system. Here, bad actors can trade tips on hacking, share samples of malware, and demonstrate how to exploit vulnerabilities. For those who develop malware, Darknet communication platforms, specifically forums, became a perfect marketing platform. The developers of […]

Cloud Mining Scams Spread Roamer, the Android banking trojan

Cloud Mining Scams Spread Banking Trojans

Stephanie AdlamAug 17, 20244 min read

It’s no secret that cybercriminals are increasingly using mobile platforms as an attack vector lately. One example is a new Android malware. It spreads through fake cloud mining scams services and targets cryptocurrency wallets and online banking apps. Analysts dubbed this banking trojan as Roamer, though hackers may use different other malware for such attacks.ContentsWhat […]

Windows Key Code Is Not Valid - What Is This Page?

What is “Windows Key Code Is Not Valid And Seems Pirated”?

Stephanie AdlamJun 8, 20236 min read

Windows Key Code Is Not Valid And Seems Pirated appears to be a new scary scam approach used to trick Windows users. Banners with this prompt may appear out of nowhere, and can really scare inexperienced users. Let me explain to you what’s the matter with this banner, if you really have any issues, and […]

Business Email Compromise Attacks Explained

What is Business Email Compromise (BEC) Attack?

Stephanie AdlamApr 12, 20248 min read

Business email compromise attack, or shortly BEC, is a relatively new vector of cyberattacks. Dealing primary damage by exposing potentially sensitive information, also allows hackers to use the email for further attacks. The potential efficiency of these attacks is thrilling, and cyber criminals already apply them to conduct chain attacks. Let’s figure out a precise […]

MDBotnet Extensively Used in DDoS Attacks

New MDBotnet Malware Rapidly Expands a DDoS Network

Stephanie AdlamMay 30, 20246 min read

MDBotnet is a new malware strain that appears to be a backbone of a botnet, used in DDoS-as-a-Service attacks. Being a backdoor biassed towards networking commands, it appears to be another sample of russian malware. Analysts already report about the IPs related to this botnet being used in DDoS attacks. Let’s see why it is […]

Godaddy Refund Phishing Scam

GoDaddy Refund Phishing Emails Spread Infostealer

Stephanie AdlamMay 30, 20245 min read

Hackers started using GoDaddy Refund Emails as a disguise to trick the users into installing malware. In order to deploy the payload, they opted for a particularly new tactic or, well, combination of ones. As a payload, a unique free open-source Invicta Stealer is used.ContentsGoDaddy Refund Email PhishingInvicta Stealer DescriptionTargeted browsers and cryptowalletsHow to protect […]

What Ducktail malware and how to avoid it?

Ducktail Infostealer Malware Targeting Facebook Business Accounts

Stephanie AdlamMay 30, 20246 min read

Researchers discovered Ducktail Malware, which targets individuals and organizations on the Facebook Business/Ads platform. The malware steals browser cookies and uses authenticated Facebook sessions to access the victim’s account. As a result, the scammers gain access to Facebook Business through the victim’s account, which has sufficient access to do so. It is a particularly interesting […]