Meduza Stealer

Meduza Stealer is a new malware sample that has a lot of reasons to become a prolific strain

The Malware world evolves constantly, and it would be reckless to ignore newcomers and their potential. Meduza Stealer appears to be a pretty potent stealer variant with its unique features and marketing model. Additionally, this malware may be considered a firstling of a new malware generation – one which breaks old geolocation filtering rules. What… Continue reading Meduza Stealer

How can an attacker execute malware through a script?

Script-Based Malware

Over the last four years, the share of script-based attacks of malware offenses worldwide has grown so drastically that it raised alerts among security specialists and ordinary users. In this post, we shall regard script-based malware, assess its strengths and weaknesses, explain how the attacks happen, and suggest measures to maintain security in your workgroup.… Continue reading How can an attacker execute malware through a script?

PUABundler:Win32/CandyOpen (PUA OpenCandy)

CandyOpen is a malware used to download unwanted software

PUABundler:Win32/CandyOpen (or OpenCandy) is an unwanted program that acts as a browser hijacker and can download junk apps to your system. Specifically, it points at a thing known as OpenCandy adware, which is known for its indecent behavior. Let’s break it down and see what the PUABundler/Candyopen in a real-world example. What is PUABundler:Win32/CandyOpen? As… Continue reading PUABundler:Win32/CandyOpen (PUA OpenCandy)

Hellminer.exe Coin Miner

Hellminer.exe is a process related to a malicious miner

Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system much less responsive. Let’s figure out what this process is, and how to get rid of it.

rsEngineSvc.exe Process: Reason Core Security Engine Service

The presence of rsEngineSvc.exe is a sign of an unwanted program running in the system

RsEngineSvc.exe is an executable file associated with RAV Antivirus, a program developed by ReasonLabs. While being less dangerous than malware, it may be categorized as PUP (Potentially Unwanted Program). This kind of software is usually bundled with other free applications and installed without the user’s knowledge or distributed through deceptive advertising. Is Rsenginesvc.exe Virus? As… Continue reading rsEngineSvc.exe Process: Reason Core Security Engine Service

AcroTray.exe

Acrotray.exe is an Adobe Acrobat background process that manages printing, updates, document conversion.

The Acrotray.exe process is one of the important components provided by Adobe Systems. This process is associated with Adobe Acrobat software and often starts automatically when the Windows operating system starts. However, not every user knows what this process is, what it is for and whether it is safe. Let’s do a complete technical analysis… Continue reading AcroTray.exe

Malware vs Virus

An exhaustive explanation of the difference between Malware and Virus

It is particularly easy to hear people calling the same thing malware or virus. However, while both terms are often used interchangeably, they carry distinct meanings. In this article, I will elucidate the definitions of each term and explain malware vs virus differences. Malware vs Virus – Is There Any Difference? The terms malware and… Continue reading Malware vs Virus

Program:Win32/Uwamson.A!ml

Win32/Uwamson.A!ml is a troublesome detection that we will help you deal with.

Win32/Uwamson.A!ml is a specific name of a Microsoft Defender detection. This designation indicates that the suspicious program or file scanned by the antivirus has characteristics of malware. That is, the program has characteristics that are typical of viruses and other malware. Moreover, it can often be a false positive detection. Let’s look at it in… Continue reading Program:Win32/Uwamson.A!ml

VirTool:Win32/DefenderTamperingRestore

VirTool:Win32/DefenderTamperingRestore stealthily infiltrates the system registry and disables protection.

VirTool:Win32/DefenderTamperingRestore is the name of the Microsoft Defender detection of a malicious element present in the system. Usually, it marks a thing that can weaken the system’s security and make the device vulnerable to malware injection. Let’s find out how dangerous this is, and how to deal with it. Threats like VirTool are often the… Continue reading VirTool:Win32/DefenderTamperingRestore

Trojan:Script/Wacatac.B!ml

Wacatac is a common noun for a wide group of spyware

Trojan Wacatac is an umbrella detection for a wide range of malicious software, that shares functionality and code. In particular, the Wacatac name points to malware with dropper capabilities that are used to deliver ransomware. Trojan Wacatac Detection Trojan:Script/Wacatac.B!ml and Trojan:Win32/Wacatac.B!ml detection is one of the numerous detection names that Microsoft assigns to minor malware… Continue reading Trojan:Script/Wacatac.B!ml