Gridinsoft Security Lab
LOBSHOT malware steals cryptowallets, exploits Google Ads
LOBSHOT, a recently-detected malware family, appears to be a new strong player in the malware market. Carrying a combination of backdoor and spyware functionality, it uses novice spreading ways that make it more effective. Its ability to provide Hidden VNC connections may be a go-to point for numerous cybercriminals. Let’s analyse this malware and see, is it really that dangerous and how to counteract it. Short overview LOBSHOT is a novice malware debuted around mid-2022. By its capabilities, it is…
Domino Backdoor is Lead by FIN7 and Conti Actors
A new Domino Backdoor popped out at the beginning of 2023. Since February, a new malware family coined Domino is used for attack on corporations, having Project Nemesis stealer as a final payload. Analysts say that the new backdoor is controlled and developed by ex-TrickBot/Conti actors and hackers related to the FIN7 group. Who are Conti and FIN7? First of all, let’s explain why the presence of actors from FIN7 and the ceased Conti gang is so noteworthy. FIN7 is…
Rorschach Ransomware Analysis
Recent research from the CheckPoint Research team revealed a new ransomware sample that can potentially beat all samples currently present on the market. They coined it Rorschach, and already say that its unique properties can make it dominant ransomware pretty quickly. We told about this malware in a recent news post, and now it’s time for a more detailed analysis. Rorschach Ransomware Uses DLL Sideloading One of the most unusual properties of a new ransomware sample is the way it…
BlackGuard Receives Update, Targets More Cryptowallets
BlackGuard, a prolific infostealer malware, received an update at the edge of 2023. The new update introduced advanced data-stealing capabilities and secure connectivity features. The new version also includes a row of new anti-detection and anti-analysis capabilities. Let’s have a more detailed look into this malware and see the difference from all aspects. BlackGuard Stealer – What is it? BlackGuard is a classic infostealer malware, programmed in C#. It aims at grabbing personal data from web browsers, particularly seeking data…
Most Common Types of Social Engineering Attacks
Intruders are developing more and more methods to get what they want. Social engineering is one of the most common methods through which fraudsters manage to deceive the user, manipulate him, and instill his fear and urgency. Once the victim is emotional, the fraudsters begin to cloud her judgment. Any human error is a vulnerability that makes social engineering work. This article will present the top most common types of social engineering. Along with it, you’ll see the guidance on…
Fargo Ransomware aims at vulnerable Microsoft SQL servers
Ransomware rarely chooses the sole type of targets for their attacks. They roam from attacks on small coffee shops to strikes on governmental organisations, with the corresponding adaptations to their software. However, all classic handbooks about offensive operations state that it is important to find a vulnerability of a target and exploit it. Such a tactic became an option for Fargo ransomware – or, as it was known earlier, Mallox or TargetCompany1.…
Reverse Proxy vs Proxy
What is a Reverse Proxy? A reverse proxy is the same server but is in front of a web server. Depending on its configuration, it allows or refuses the external connection to reach the endpoint. Reverse proxies are used to improve security, performance, and reliability. To understand how a reverse proxy works and what benefits it can provide, let’s first remember what a reverse proxy server is. What is a reverse proxy? Proxy Server Meaning A…
How to Report a False Positive Detection?
Gridinsoft is an antivirus software company that provides powerful solutions for detecting and removing malware from computers. However, sometimes our software may generate false positive detections, which can be frustrating for users. If you believe that we have wrongly detected a legitimate file as malware, you can report the false positive detection to us. Here are the steps to follow:
Antivirus scanner and anti-malware. What is the difference?
Antivirus, anti-malware software, antivirus scanner… There are so many terms, and all of them look so similar, but they’re different. It is easy to confuse the user who does not have any information about all these things. Thus, it is important to clear out these things in easy words. From a certain point of view, antivirus programs, anti-malware software, security tools, and antivirus scanners are just synonyms. Sure, they have a lot of things in common – enough to call…
Script-based malware. How to stay protected?
Over the last four years, the share of script-based attacks of malware offenses worldwide has grown so drastically that it raised alerts among security specialists and ordinary users. In this post, we shall regard script-based malware, assess its strengths and weaknesses, explain how the attacks happen, and suggest measures to maintain security in your workgroup. Security News: Greta Thunberg became the most popular character in phishing campaigns. What is script-based malware? To understand how someone can run a script-based attack…
Malware vs. Virus. Difference explained
The topic of this small post is malware vs. virus conceptual clarification. We remember times when people used to call any harmful program a “virus”. Today this “malware” term popped out! How do these words correlate? People seem to use them freely and arbitrarily. But is such usage correct? Let’s investigate. For those who are not interested in a more thorough explanation, let’s say that a virus is a particular case of malware. Under malware, we understand any software created…
What is Discord virus? Investigating a new online fraud
Discord virus is only the name of a spamming campaign that takes place on this communication platform. The exact type of malware you can get through these tricks may vary in an extensive range. Nonetheless, the fraudsters’ method to fool you cannot be named original. There are two well-distinguishable ways – thick and gentle. A thick method is used in massive attacks. The possible victim receives a malicious link with a clickbait text from an unknown user. Because all such…