Gridinsoft Security Lab

Movidown is an Unwanted Application that initially mimics a utility for controlling fan speed. However, beneath this shell, it has the capabilities of a dropper malware, which it right away uses to deploy browser hijackers. This functionality, together with the deep access to the system, creates potential risks for much more severe malware to get […]

“Managed by your organization” is a line that appears when the web browser is attacked by browser hijackers. This malware abuses a legitimate Chrome policy to make itself impossible to delete. And it turns out to be pretty effective – without a special approach, all browser plugins remain untouchable after this line appears. In this […]

PUA:Win32/SBYinYing is a potentially unwanted application (PUA) that is often bundled with certain cracked games. It may display ads to users or redirect them to potentially harmful websites, which puts it in the same line with adware and browser hijackers. Most often, user get infected with that malware after downloading cracked software. PUA:Win32/SBYinYing Overview PUA:Win32/SBYinYing […]

Disabling Microsoft Defender is often thought of Windows users all around the world. Despite undoubtedly being a solid antivirus tool, it may cause issues here and there, forcing such a wish. In this guide, I’ll explain how to fully disable Microsoft Defender. How to Disable Microsoft Defender in Windows 10/Windows 11 There are two ways […]

Trojan:Win32/Qhosts is malware that provides remote access to the target system and modifies the Hosts file. It is primarily distributed through illegal activation tools found on torrent and warez sites. While the mentioned interaction with the system configuration file as a definitive feature, it is capable of much, much more unpleasant activities. Trojan:Win32/Qhosts Overview Trojan:Win32/Qhosts […]

PUABundler:Win32/YandexBundled is a detection of potentially unwanted application (PUA) associated with the Russian company Yandex. It is typically distributed as bundled software with repackaged or free programs. While being less dangerous than malware, it can still threaten both the privacy and normal operations of one’s computer. What is PUABundler:Win32/YandexBundled? PUABundler:Win32/YandexBundled is a generic detection name […]

Attackers are actively exploiting a critical vulnerability in the Docker Engine that may allow for authentication bypass in a chain attack. This vulnerability allows attackers to bypass AuthZ authorization plugins, effectively mutilating any auth control. For this and several other reasons, the flaw got the max severity score possible (10.0). Critical Docker Engine Flaw Allows […]

Players of Hamster Kombat have become prime targets for scammers promoting phishing schemes aimed at those looking for easy earnings. Malicious actors steal confidential data and infect inattentive players with malware. Due to the technical aspects of Hamster Kombat, these fraudulent schemes are highly successful. Hamster Kombat Tap-Game Players Targeted in Malware Spreading ESET researchers […]

Trojan:BAT/PSRunner.VS!MSR is a detection of malware that executes malicious commands on a compromised system. It does not do much hurt by itself and rather serves for payload delivery & running. Aside from that, it does some basic system reconnaissance and gains persistence for the further payloads. Trojan:BAT/PSRunner.VS!MSR Overview Trojan:BAT/PSRunner.VS!MSR is a type of malware detection […]

A new threat has been discovered in the form of a Windows shortcut that is actually a .NET-based shellcode downloader called Jellyfish Loader. It has some strange features that may signify that it is still at the development stage. Nonetheless, this malware is capable of deploying other malicious software in a selection of ways. Jellyfish […]

Trojan:Script/Downloader!MSR is a malicious script that downloads other malware onto the target system. It is most commonly spread through illegal software and fake documents, and is capable of deploying pretty much any malicious program. Due to the complexity and the use of obfuscation, the exact malicious script may remain undetected, while the Defender will display […]

Trojan:Win32/Bearfoos.B!ml is a detection of Microsoft Defender associated with data stealing malware. It may flag this malware due to the specific behavior patterns, assigning that name even to malicious programs of well-known families. As the Defender uses machine learning for this detection, it can sometimes be a false positive. Trojan:Win32/Bearfoos.B!ml Overview Trojan:Win32/Bearfoos.B!ml is a detection […]