Trojan:Win32/Vigorf.A Malware Description

Trojan:Win32/Vigorf.A Analysis & Removal Guide

Trojan:Win32/Vigorf.A is a generic detection of Microsoft Defender. This detection commonly identifies a running loader malware that may deal significant…

Trojan:Win32/Znyonm

Trojan:Win32/Znyonm is a detection often seen during backdoor malware activity running in the background. Such malware can escalate privileges, enable…

Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses…

Win32/Wacapew.C!ml Detection Analysis & Recommendations

Win32/Wacapew.C!ml detection refers to programs that have suspicious properties. This can be either a false positive or a detection of…

PUABundler:Win32/uTorrent_BundleInstaller

PUABundler:Win32/uTorrent_BundleInstaller is a Microsoft Defender detection associated with the installer of the once-popular uTorrent client. It is…

Infostealers Disguised as Adobe Reader Target Brazil

Adobe Reader Infostealer Plagues Email Messages in Brazil

A recent email spam campaign reportedly spreads infostealer malware under the guise of an Adobe Reader installer. Within a forged PDF document, there is a request to install the Adobe Reader app,…

BianLian use JetBrains' TeamCity Flaws to Deploy Backdoors

BianLian Exploits TeamCity Vulnerability to Deploy Backdoors

BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By exploiting vulnerabilities in the JetBrains TeamCity platform, they managed to…

PUA:Win32/Softcnapp Detection of Microsoft Defender

PUA:Win32/Softcnapp Detection Analysis & Description

PUA:Win32/Softcnapp is a generic detection name of Microsoft Defender, assigned to an unwanted program. It sometimes appears as a false positive detection of a legitimate app, like the desktop Viber client,…

Microsoft is Hacked Again by Midnight Blizzard

Microsoft is Hacked, Again by Midnight Blizzard

Microsoft acknowledges being hacked for the second time this year, by the same Russian state-sponsored group Midnight Blizzard. The company confirms that this new breach is the outcome of the…

The Phantom Hacker Scams

Phantom Hacker Scams On The Rise, Target Elderly

Phantom hacker scams are a specific type of fraud that aims to convince the victim to transfer funds because of a non-existent hacker threat. Over the last few months,…

WogRAT Malware (WingsOfGod.dll) - Teardown and Removal Tutorial

WingsOfGod.dll – WogRAT Malware Analysis & Removal

WogRAT, also known as WingsOfGod RAT, is a new remote access trojan that attacks users from Asian countries. Named after its own file, Wingsofgod.dll, this malware has been attacking people since…

PUABundler:Win32/Fusioncore Removal Guide

PUABundler:Win32/FusionCore

PUABundler:Win32/FusionCore is a designation that Microsoft Defender Antivirus uses to detect and remove potentially unwanted programs (PUPs) that are spread by bundling technology. FusionCore is not a stand-alone program; it…

What is Werfault.exe?

Werfault.exe Process Error Troubleshooting Guide

Werfault.exe is a crucial system process found in Windows operating systems. Its primary function is to collect information about program errors, which helps diagnose and resolve issues to improve the…

Trojan:Script/Sabsik.fl.A!ml Removal guide

Trojan:Script/Sabsik.fl.A!ml Analysis & Removal Guide

Trojan:Script/Sabsik.fl.A!ml is a generic detection name used by Microsoft Defender. This name is used specifically to denote stealer malware that also possesses dropper capabilities. It can perform various activities of…

Csrss.exe Explained & Troubleshooting Guide

What is Csrss.exe Process? Troubleshooting Guide

Csrss.exe is an important Windows process, which may sometimes consume a lot of system resources and puzzle users with this behavior. Some people may mistake it for malware and…

ALPHV/BlackCat Shuts Down In Supposed Exit Scam

ALPHV Ransomware Shut Down, Exit Scam Supposed

On March 5, 2024, ALPHV/BlackCat ransomware claimed its shutdown, “due to the FBI takeover”. Although law enforcement actions against this gang did happen before, there are quite a…

What is Backdoor:Win32/Bladabindi!ml?

Backdoor:Win32/Bladabindi!ml Analysis & Removal Guide

Backdoor:Win32/Bladabindi!ml is a generic detection name used by Microsoft Defender. It specifically refers to a backdoor malware known as njRAT, capable of hacking into and controlling victims’ computers. In which…