Malware
NullMixer Malware Loader Delivers Malicious Files in Bulk
NullMixer is a newly discovered piece of malware that acts as a downloader for a number of other malicious files. Security researchers examining NullMixer found it distributed primarily through websites that offer... Read more
Bobik Malware Linked with Attacks in Ukraine
Bobik is the name of a piece of malware acting like a remote access trojan. Security researchers have linked Bobik to a threat actor known for its pro-Russian attitudes, known by the alias NoName 057(16). According to... Read more
Botnet Blacklist is a Suspicious Warning Message
Botnet Blacklist, or more specifically Botnet:Blacklist is a detection designation given by an anti-malware application to connections it considers suspicious. This designation and the handle "Botnet:Blacklist" is... Read more
Netflix Party Cookie Stuffing Rogue Extension
Netflix Party is the name of a rogue browser extension for Chrome that offers the ability to watch streaming shows in sync with friends. The malicious icing on the cake is that the same extension also performs cookie... Read more
Heur.advml.c Detection
Heur.advml.c is the designation given to a heuristic detection that can be brought up by some antivirus applications. In most cases, this is a false positive. Heuristic detection in antivirus software works very... Read more
MagicWeb Malware Used by NOBELIUM APT
Microsoft's Threat Intelligence Center published a report on a new piece of malware associated with a Russian-speaking advanced persistent threat actor known under the aliases APT29, Cozy Bear and, under Microsoft's... Read more
Watch Out for The Cortana Runtime Broker CPU Miner
There is a new malicious tool out in the wild that is designed to mimic the legitimate Cortana application and associated processes. The malware in question works as a crypto miner and will abuse your system's... Read more
Icarus Stealer Attempts to Dodge AV Protection
Icarus stealer is the name of a newly discovered malicious infostealer tool. The new malware has the usual range of features and the functionality you would expect from a fairly well-developed infostealer tool. Icarus... Read more
What Does The MicTrayDebugger Do?
MicTrayDebugger is the designator of a Windows Defender detection. Another variation of what is essentially the same detection is "Win32/MicTrayDebugger!ml". The MicTrayDebugger detection is usually triggered by... Read more
Nitrokod Malware Drops Cryptominer
Nitrokod is the name of a newly discovered piece of malware. Nitrokod is the first-stage tool in a long-term infection chain that culminates with the downloading of a cryptomining tool on the victim's system. Unlike... Read more
0ktapus Phishing Kit Deployed in Massive Campaign
A large-scale phishing campaign that was executed recently affected over a hundred organizations and companies. The tool used bears the same name as the threat actor behind the phishing campaign - 0ktapus. The... Read more
HYPERSCRAPE Malware Steals Information
HYPERSCRAPE is the name of a piece of malware associated with a threat actor known under the aliases Charming Kitten, APT35 and Phosphorous. Charming Kitten is believed to be an Iranian-based threat actor that... Read more
OriginLogger Picks Up Where Agent Tesla Left Off To Record Your Activities
OriginLogger is the name of a newly discovered malicious tool. A detailed report on the malware was recently published by a research team with the Unit 42 division of Palo Alto Networks. OriginLogger has been... Read more
Beware: Shikitega Malware Targets Linux Systems
Shikitega is the name of a newly discovered piece of malware targeting devices that run Linux, specifically IoT devices and endpoints. The malware comes with a complex, multi-step infection chain and includes a... Read more
Behavior:Win32/Hive.ZY Detection & Removal
A recent Windows Defender detection caused a bit of a stir. There were multiple reports in early September 2022 about a detection that Defender identified as "Behavior:Win32/Hive.ZY" that caused some concern. The good... Read more
Background.js is a Suspicious File - Find Out Why
Background.js is a file that has caused some concern among users. A .js file is a chunk of JavaScript code. A file with the specific name "background.js" is commonly associated with Chrome browser extensions and is... Read more
What is Winlogson Cryptominer Malware?
Winlogson is the name of an executable file that comprises the payload of a cryptomining malware tool. Winlogson is very obviously named the way it is to resemble the legitimate Winlogon process as closely as... Read more
Beware! Grenam Malware Masquerades as MS Paint
Grenam is the name of one part of a family of malicious files that has been identified by Microsoft's security researchers. The threat should be picked up by the instance of Microsoft Defender that you have running on... Read more
