Quick Heal Security Labs

About Quick Heal Security Labs

Quick Heal Security Labs is a leading source of threat research, threat intelligence, and cybersecurity. It analyzes data fetched from millions of Quick Heal products across the globe to deliver timely and improved protection to its users.

An analysis of GlobeImposter Ransomware by Quick Heal Security Labs

 August 11, 2017

Estimated reading time: 5 minutes

GlobeImposter Ransomware has been increasingly active and has recently been observed appending different suffixes to the files it encrypts. A few patterns observed are using 3 random numbers such as “.492, .490, .725, .726, and .707”, random alphanumeric words such as “.p1crypt, .A1crypt, .BRT92, and .mtk118” and suffixes like “.OCEAN, .SEA,...

An analysis of the fileless malware by Quick Heal Security Labs

 August 8, 2017

Estimated reading time: 4 minutes

The fileless malware is a malware family that does not leave any trace of its infection in the affected file system. Also known as the ‘memory resident virus’, this type of malware hides in the registry and memory making it difficult for traditional antivirus software to identify the infection. However,...

An analysis of TrickBot Malware by Quick Heal Security Labs

 August 4, 2017

Estimated reading time: 2 minutes

TrickBot has been a busy malware in the last month because of its various polymorphic propagation methods and techniques. We have seen collective versions and the same medium of propagation – the spam emails. These emails contain attachments to download or a direct link to spread the malicious payload. Trickbot...

An analysis of the Blank Slate Malspam Campaign by Quick Heal Security Labs

 August 3, 2017

Estimated reading time: 4 minutes

Malspam email, or malicious spam email, is considered one of the favorite malware delivery channels for attackers to deliver their malware to their targeted victims. Attackers also run spam email campaigns to distribute their malware to a large number of users. For attackers to succeed, two things are important...

Beware of Fake Flash Player apps on Google Play

 August 2, 2017

Estimated reading time: 4 minutes

Quick Heal Security Labs has found 2 fraudulent apps pretending to be Adobe Flash Player on the Google Play Store. Presently, no official apps of Adobe Flash Player are available on the Play Store. The rest of the post will tell you more. Fake App #1. Plugin for Video Flash...

Cryptomix Ransomware resurfaces with multiple variants

 August 1, 2017

Estimated reading time: 3 minutes

Cryptomix Ransomware has been active for the last year and has come up with multiple variants. It spreads via exploit kits, malicious attachments, and malicious links spread across the Internet on hacked domains. Cryptomix Ransomware does not change the desktop background but encrypts files stored on the infected system...

Malware alert! Beware of the BTCWare Aleta Ransomware

 July 25, 2017

Estimated reading time: 3 minutes

Quick Heal Security Labs has observed the entry of a new BTCWare ransomware (first observed at the beginning of 2017) variant called ‘Aleta’. This ransomware is called so because it appends a “.aleta” extension to files it encrypts in an infected computer. Although BTCWare ransomware variants do not seem to...

Beware of these fake apps on Google Play Store that use ‘Jio/Jeo’ in their names

 July 24, 2017

Estimated reading time: 5 minutes

Jio took the Indian telecom market by storm when it made its entry with free unlimited calls and data offers. People went into a kind of frenzy for acquiring this service. And with its ‘truly unbelievable’ offers, Jio also launched an array of apps on Google Play Store such as...

NemucodAES malspam is back and this time it brought along Kovter Trojan

 July 21, 2017

Estimated reading time: 3 minutes

For the last few weeks, we have been observing a new malicious spam (malspam) variant that is spreading via an email claiming to be from the United Parcel Service (UPS) carriages. The email carries a zip attachment that contains NemucodAES Ransomware and fileless Kovter Trojan. Earlier, such malspam campaigns were...

A technical analysis of the Java RAT (Remote Access Trojan) Malware

 July 17, 2017

Estimated reading time: 3 minutes

Remote Access Trojans are programs that allow attackers to gain unauthorized access to a targeted computer without the victim’s knowledge. Java RAT malware is a Trojan-Dropper written in Java. It is designed to steal passwords, access files, log keystrokes (recording what the user types on the keyboard) and capture the screen....