Trojan-Dropper is Software that injects Trojans, viruses, worms and other malware into a computer. When run, it typically decompresses the malware components hidden within the dropper file and executes them, sometimes without saving them on disk to avoid detection. The dropper is Malwarebytes’ generic detection name for trojans that drop additional malware on an affected system.Read More
Baldr is the name of a new family of information-stealing malware. Its authors first introduced it to cybercriminal circles in January, and about a month later, Microsoft’s security team reported that they have seen it in the wild. Bill Gates’ specialists said that the stealer is ‘highly obfuscated’ which usually suggests that someone has put a fair amount of effort into creating something powerful. Read More
RIDL stands for Rogue In-Flight Data Load. RIDL is also known to use MFBDS in addition to MLPDS to acquire data. Attackers can execute code using cloud resources, malicious websites or advertisements and can steal data by breaking any security barriers. RIDL (Rogue In-Flight Data Load) shows attackers can exploit MDS vulnerabilities to mount practical attacks and leak sensitive data in real-world settings. By analyzing the impact on the CPU pipeline, we developed a variety of practical exploits leaking in-flight data from different internal CPU buffers (such as Line-Fill Buffers and Load Ports), used by the CPU while loading or storing data from memory.Read More
Troldesh aka Encoder.858 or Shade is a Trojan and a crypto-ransomware variant created in Russia and spread all over the world. Troldesh is based on so-called encryptors that encrypt all of the user’s personal data and extort money to decrypt the files. Troldesh encrypts a user’s files with a “.xtbl” extension. Troldesh is spread initially via e-mail spam. A distinctive feature of the Troldesh attack is direct communication with the victim. While most Ransom-Trojan attackers try to hide and avoid any direct contact, Troldesh’s creators provide their victims with an e-mail address. The attackers use this email correspondence to demand a ransom and dictate a payment method.Read More
