Gridinsoft Security Lab

What is Werfault.exe?

Werfault.exe Error

Stephanie Adlam · Mar 7, 2024 · 5 min read

Werfault.exe is a system process used to collect information about program errors, which helps diagnose and resolve issues to improve…

Business Email Compromise Attacks Explained

What is Business Email Compromise (BEC) Attack?

Stephanie Adlam · Jun 1, 2023 · 8 min read

Business email compromise attack, or BEC for short, is a relatively new vector of cyberattacks. Dealing primary damage by exposing potentially sensitive information, it also gives hackers the opportunity to use the email account for further attacks. The potential efficiency of these attacks is thrilling, and cybercriminals already apply them to conduct chain attacks. Let’s figure out a precise business email compromise definition, how these attacks work, and how to counteract them. What is a business email compromise? The term “business email…

MDBotnet Extensively Used in DDoS Attacks

New MDBotnet Malware Rapidly Expands a DDoS Network

Stephanie Adlam · May 30, 2023 · 6 min read

MDBotnet is a new malware strain that appears to be the backbone of a botnet used in DDoS-as-a-Service attacks. Being a backdoor biased towards networking commands, it appears to be another sample of Russian malware. Analysts already report the IPs related to this botnet being used in DDoS attacks. Let’s see why it is so special and how you can avoid having trouble with MDBotnet. MDBotnet Malware Description Darknet posts that offer DDoS attack services are nothing unusual.…

Godaddy Refund Phishing Scam

GoDaddy Refund Phishing Emails Spread Infostealer

Stephanie Adlam · May 26, 2023 · 5 min read

Hackers started using GoDaddy Refund Emails as a disguise to trick users into installing malware. In order to deploy the payload, they opted for a particularly new tactic or, well, a combination of ones. As a payload, a unique free open-source Invicta Stealer is used. GoDaddy Refund Email Phishing Being a widely popular web hosting provider, GoDaddy obviously has a line of different options for money chargebacks. Some people are not happy with how the service works, some people want…

What is Ducktail malware and how to avoid it?

Ducktail Infostealer Malware Targeting Facebook Business Accounts

Stephanie Adlam · May 19, 2023 · 6 min read

Researchers discovered Ducktail Malware, which targets individuals and organizations on the Facebook Business/Ads platform. The malware steals browser cookies and uses authenticated Facebook sessions to access the victim’s account. As a result, the scammers gain access to Facebook Business through the victim’s account, which has sufficient access to do so. It is a particularly interesting behavior, as most stealer malware aims at cryptocurrency-related data, or even all data types at once. What is Ducktail Malware? Ducktail is malware built on…

Stealer Malware You Should Know and Be Aware Of

Infostealer Malware: Top Stealers in 2024

Stephanie Adlam · May 17, 2023 · 7 min read

The cybercrime world changes rapidly – by expanding, collapsing, and evolving both extensively and intensively. One of the most massive malware types in the modern threat landscape – Infostealer Malware – appears to be entering a new stage of development. Though its major names remain the same, some new malware families with promising features have popped up. Let’s have a peek at all of them and see what to expect. Infostealer Malware Market in 2024 Infostealer malware gained more and more popularity during the…

RedLine Stealer is Off to a Low Start

RedLine Stealer Issues 100,000 Samples – What is Happening?

Stephanie Adlam · May 15, 2023 · 5 min read

Throughout early May 2023, the GridinSoft analyst team observed anomalous activity of RedLine stealer. It is, actually, activity different from what we are used to seeing. Over 100,000 samples of this malware appeared during the first 12 days of the month – that is too much even for more massive threats. Needless to say, for stealer malware such a massive outbreak is confusing, to say the least. What is RedLine malware? First, let me remind you what RedLine…

Fake Windows Update in Browser Delivers Aurora Stealer

Stephanie Adlam · May 11, 2023 · 7 min read

Fake Windows Update has become a malware-spreading vector once again. Updates are a pretty routine part of the Windows user experience. Over the last 7 years, Windows users have mostly been used to seeing the familiar update icon in the tray. Inexperienced people, however, do not know the mechanics of Windows Update, and can be trapped by the disguise of a “legitimate” and “trusted” update. Crooks who spread Aurora spyware seemingly opted for that approach in spreading their malware. Fake Windows Updates…

LOBSHOT Cryptostealer Offers Advanced Capabilities

LOBSHOT malware steals cryptowallets, exploits Google Ads

Stephanie Adlam · May 3, 2023 · 10 min read

LOBSHOT, a recently detected malware family, appears to be a new strong player in the malware market. Carrying a combination of backdoor and spyware functionality, it uses novel spreading methods that make it more effective. Its ability to provide Hidden VNC connections may be a go-to point for numerous cybercriminals. Let’s analyse this malware and see whether it is really that dangerous and how to counteract it. Short overview LOBSHOT is a novel malware that debuted around mid-2022. By its capabilities, it is…

Domino Uses Parts of Lizar Malware, Delivered by Dave Loader

Domino Backdoor is Led by FIN7 and Conti Actors

Stephanie Adlam · Apr 15, 2023 · 9 min read

A new Domino Backdoor popped up at the beginning of 2023. Since February, a new malware family coined Domino has been used for attacks on corporations, with the Project Nemesis stealer as a final payload. Analysts say that the new backdoor is controlled and developed by ex-TrickBot/Conti actors and hackers related to the FIN7 group. Who are Conti and FIN7? First of all, let’s explain why the presence of actors from FIN7 and the ceased Conti gang is so noteworthy. FIN7 is…

Rorschach Ransomware Is Probably A New Favourite

Rorschach Ransomware Analysis

Stephanie Adlam · Apr 6, 2023 · 9 min read

Recent research from the CheckPoint Research team revealed a new ransomware sample that can potentially beat all samples currently present on the market. They coined it Rorschach, and already say that its unique properties can make it the dominant ransomware pretty quickly. We reported on this malware in a recent news post, and now it’s time for a more detailed analysis. Rorschach Ransomware Uses DLL Sideloading One of the most unusual properties of the new ransomware sample is the way it…

BlackGuard Stealer Extends Crypto Stealing Functionality

BlackGuard Receives Update, Targets More Cryptowallets

Stephanie Adlam · Mar 24, 2023 · 6 min read

BlackGuard, a prolific infostealer malware, received an update at the turn of 2023. The new update introduced advanced data-stealing capabilities and secure connectivity features. The new version also includes a number of new anti-detection and anti-analysis capabilities. Let’s have a more detailed look into this malware and see the difference from all aspects. BlackGuard Stealer – What is it? BlackGuard is a classic infostealer malware, programmed in C#. It aims at grabbing personal data from web browsers, particularly seeking data…

Black Friday Shopping Scams in 2023

Black Friday Scams: Ways to Detect & Avoid Shopping Frauds

Stephanie Adlam · Nov 23, 2022 · 6 min read

As the main shopping event of the year approaches, Black Friday shopping scams have come into view. Con artists from all over the world try to create the most convincing fraud, trying to make a fortune. Let’s see the most common Black Friday scams, and the ways to avoid them. How Do Scams Work? Fraudsters use various methods to trick people into giving away their sensitive information or financial details, or outright spending money on non-existent items. They create fake websites…