Quick Heal Security Labs

About Quick Heal Security Labs

Quick Heal Security Labs is a leading source of threat research, threat intelligence, and cybersecurity. It analyzes data fetched from millions of Quick Heal products across the globe to deliver timely and improved protection to its users.

Beware of Spora – a professionally designed ransomware

  • 47
 February 1, 2017

Estimated reading time: 4 minutes

Spora is a recent addition to the ransomware family that Quick Heal Lab has come across.  It is a file encryptor ransomware that encrypts a user’s files with strong encryption algorithm and demands a ransom. Spora is launched with a good infection routine, the capability to work offline, well-designed and...

Decryption Tool for CrySiS/XTBL Ransomware

  • 63
 December 16, 2016
decryption tool

Estimated reading time: 2 minutes

The decryption of CrySiS/XTBL Ransomware is now possible thanks to the recent release of its master decryption keys needed to recover the files encrypted by the ransomware. While we couldn’t guess the apparent reason behind the release, we decided to use this opportunity to help those who were affected by...

Ransoc – An unusual ransomware that threatens to expose your personal information

  • 194
 November 28, 2016

Estimated reading time: 2 minutes

Mostly a ransomware encrypts your files and demands money in exchange for a key that can decrypt the data. And the payment is demanded in Bitcoins. Ransoc is different in the way it works and the medium it uses for the payment. How does Ransoc work? Once your computer is...

Alert! A Fake Flash Player Website is Spreading Locky Ransomware

  • 49
 November 23, 2016

Estimated reading time: 3 minutes

The Locky ransomware, like all other ransomware, encrypts user data and demands a hefty ransom in exchange for the key that decrypts the data. A variant of this ransomware called ‘thor’ was recently found being distributed via a fake ‘Flash Player Update’ downloading website that goes by the name ‘’....

Security Alert! Stay Away from Pirated Software

  • 70
 November 7, 2016

Estimated reading time: 2 minutes

Pirated, cracked, unauthorized or unlicensed software may be dirt cheap or come for free, but they may cost you your digital security. With unknown publishers and no standard testing procedures in place, such software contain several security flaws which can be used by hackers to gain access to your computer....

Security Alert! Android Backdoor is after your device

  • 7
 October 26, 2016

Estimated reading time: 2 minutes

Quick Heal Labs has detected a new threat that is out on the hunt for Android users. We came across an open-source script that adds a backdoor (a secret method hackers use to gain unauthorized access to a device) to any APK (Android application package). The home page of the...

Ransomware Alert! ODIN – A new variant of Locky Ransomware

  • 92
 September 30, 2016

Estimated reading time: 2 minutes

A new variant of the infamous Locky Ransomware has been observed in the wild. It’s called Odin. This variant appends the extension .odin to the files it encrypts with new ransom note filenames. This ransomware is being spread via spam emails that carry a malicious WSF Script attachment. How Odin...

Be Careful of the KMSPico Activator – It could be a Ransomware!

  • 67
 September 12, 2016

Estimated reading time: 1 minute

If you are using KMSPico Activator for activating your Windows or MS Office, then you could be risking yourself to a ransomware infection. Quick Heal Threat Research Labs has recently observed a new variant of ransomware called Domino that is using this activator as a carrier. The malware encrypts the...

New Variant of Zepto Ransomware Detected in the Wild

  • 1
 August 30, 2016

Estimated reading time: 2 minutes

We have come across a new variant of the Zepto ransomware family. It is spreading rampantly through malspam (malicious spam) and other vectors such as exploit kits. The new variant has a few minor changes in it; the most apparent one is a change in the payload file type. The...

Kovter: the fileless click fraud malware

 June 25, 2016

Estimated reading time: 1 minute

Kovter Trojan has been in effect since 2013. Being fileless, Kovter is different and stealthier than other Trojan families. It employs various anti-debugging, anti-VM, anti-sandboxing techniques, and has checks for identification of different security analysis tools. It uses different encryption techniques for different purposes. Like other Trojans, Kovter gathers user...