Tag: Malware

PyPI Malware Spreading Outbreak Exploits Typosquatting

Python Package Index once again suffers from malicious repositories

PyPI, an index of Python packages, once again became a place for malware spreading. Threat actors registered hundreds of profiles to deploy packages, with the name set as typosquatting to known and popular packages. This forced the administration to halt new user registration until the issue is resolved. PyPI Malware Spreading Causes Registrations Halt Python… Continue reading PyPI Malware Spreading Outbreak Exploits Typosquatting

VirTool:Win32/DefenderTamperingRestore

VirTool:Win32/DefenderTamperingRestore stealthily infiltrates the system registry and disables protection.

VirTool:Win32/DefenderTamperingRestore is the name of the Microsoft Defender detection of a malicious element present in the system. Usually, it marks a thing that can weaken the system security and make the device vulnerable to malware injection. Let’s find out how dangerous this is, and how to deal with it. Threats like VirTool are often the… Continue reading VirTool:Win32/DefenderTamperingRestore

Hellminer.exe Coin Miner

Hellminer.exe is a process related to a malicious miner

Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system much less responsive. Let’s figure out what this process is, and how to get rid of it.

STRRAT and Vcurms Malware Abuse GitHub for Spreading

Attackers are using GitHub as a source for the final payload

A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats. Short About STRRAT and Vcurms STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading

Adobe Reader Infostealer Plagues Email Messages in Brazil

Frauds use forged PDF documents to deploy infostealers

A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF document, there is a request to install Adobe Reader app, that triggers malware downloading and installation. Considering the language of the said documents, this malicious activity mainly targets Portugal and Brazil. Infostealer Spreads in Fake… Continue reading Adobe Reader Infostealer Plagues Email Messages in Brazil

WingsOfGod.dll – WogRAT Malware Analysis & Removal

WogRAT is a pretty simple backdoor with mysterious spreading ways

WogRAT, also known as WingsOfGod RAT, is a novice remote access trojan that attacks users from Asian countries. Named after its own file – Wingsofgod.dll, this malware attacks people since late 2022, spreading through the online notepad service. What is WogRAT (WingsOfGod.dll)? WogRAT is a classic example of a remote access trojan, a backdoor-like malicious… Continue reading WingsOfGod.dll – WogRAT Malware Analysis & Removal

rsEngineSvc.exe Process: Reason Core Security Engine Service

The presence of rsEngineSvc.exe is a sign of an unwanted program running in the system

RsEngineSvc.exe is an executable file associated with RAV Antivirus, a program developed by ReasonLabs. While being less dangerous than malware, it may be categorized as PUP (Potentially Unwanted Program). This kind of software is usually bundled with other free applications and installed without the user’s knowledge or distributed through deceptive advertising. Is Rsenginesvc.exe Virus? As… Continue reading rsEngineSvc.exe Process: Reason Core Security Engine Service

Bitfiat Process High CPU – Explained & Removal Guide

Have you opened Task Manager and found the Bitfiat high CPU usage? Here is the way to solve this.

Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as much resources as it can, making the system impossible to use. Let’s see what this malware is, and how to remove it. Bitfiat Overview The Bitfiat process is related to the activity of a malicious coin miner.… Continue reading Bitfiat Process High CPU – Explained & Removal Guide

Warzone RAT Dismantled, Members Arrested

International crackdown dismantles Warzone RAT, leading to key arrests in Malta and Nigeria.

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). Also, this malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities. Warzone RAT Masters Arrested and Charged… Continue reading Warzone RAT Dismantled, Members Arrested

Mispadu Banking Trojan Exploits SmartScreen Flaw

One more malware family makes use of CVE-2023-36025

Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered in late 2023 to target mainly LATAM users. Mispadu Trojan Uses SmartScreen Bypass The extensive research regarding Mispadu malware done by Unit 42, among other… Continue reading Mispadu Banking Trojan Exploits SmartScreen Flaw