#GDATATechblog
Minecraft: SugarSMP's Dark Tale of Scams, Malware & Extortion
Some Minecraft players were looking for safe haven away from griefers, but found an elaborate web of malware, deception and extortion.

I wrote an article about SugarSMP Minecraft scams, Spark stealer, extortion and hacked accounts.

After a brief contact with the threat actor, we talked to two victims and followed the trail.

Analysis in collaboration with @rifteyy
#GDATATechblog #GDATA
blog.gdatasoftware.com/2026/03/3839...

Browser Hijacking: Three Technique Studies
If you are searching for technical information on how browser hijacking works, there does not seem to be much out there apart from generic removal instructions. This might be an educational gap we sho...

New blog: Browser Hijacking techniques -- when malware has different preferences than you

www.gdatasoftware.com/blog/2025/11...

#GDATA #GDATATechblog #BrowserHijacking

Infected Steam game downloads malware disguised as patch
A 2D platformer game called BlockBlasters has recently started showing signs of malicious activity after a patch release on August 30. While the user is playing the game, various bits of information a...

Steam game BlockBlasters downloads malware
written by Arvin Tan

#GDATATechblog @GDATA #GDATA
www.gdatasoftware.com/blog/2025/09...

Backdoor in "AppSuite PDF Editor": A Detailed Technical Analysis
Some threat actors are bold enough to submit their own malware as false positive to antivirus companies and demand removal of the detection. This is exactly what happened with AppSuite PDF Editor.

Our technical deep-dive about AppSuite PDF Editor backdoor is out 👇

www.gdatasoftware.com/blog/2025/08...
#GDATA #GDATATechblog #AppSuite

JustAskJacky: AI brings back real trojan horse malware
Despite what some might make you believe, late Trojan Horses were a rare breed in the malware zoo. But thanks to AI and LLMs, they are back.

πŸ”New Blog: JustAskJacky -- AI brings back classical trojan horse malware

www.gdatasoftware.com/blog/2025/08...

#GDATA #GDATATechblog

Threat Actors abuse signed ConnectWise application as malware builder
Since March 2025, there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples. We reveal how bad signing practices allow threat actors to abuse th...

A colleague and I wrote an article about EvilConwi -- signed ConnectWise remote access software being abused as malware
#GDATATechblog
www.gdatasoftware.com/blog/2025/06...

100 Days of YARA: How to write .NET code signatures
If you write YARA signatures for .NET assemblies only relying on strings, you are seriously missing out. Learn what you can do to level up your YARA rules.

I wrote how to use knowledge about .NET structures and streams for writing .NET Yara signatures.

E.g. IL code patterns, method signature definitions, GUIDs, compressed length

#GDATATechblog #100DaysOfYara
www.gdatasoftware.com/blog/2025/04...
