GraceWire

GraceWire is a dangerous infostealer Trojan that is being used by group of cybercriminals who call themselves Evil Corp or Dudear. They are known for their banking Trojans like Dridex and Zeus that helped them steal lots of money from both businesses and home users in the past. What is special about their latest threat is that it is spread in a way that allows it to prevent detection. In other words, the malicious application could sneak into the targeted system without being detected by some security tools. If you want to know how it could happen as well as what could this Trojan do, we encourage you to read the rest of this article. Below it you can find instructions on how to erase GraceWire with an antimalware tool of your choice. If you have any questions or need any assistance with the threat’s removal, you could leave us a message in the comments area.

Many Trojans and threats alike travel with infected email attachments that drop them as soon as users open the malicious files. However, some email providers now scan email attachments to check if they could be carrying threats. Also, users might find out that such files are infected after scanning them with their installed antimalware tool. However, GraceWire uses HTML redirectors attached to emails. When opened, the HTML redirector takes a victim to the download page of an Excel document that initiates the malware’s installation.

It is vital to mention, that this Excel file might only drop the Trojan if a user enables editing. GraceWire is not the first malware that gets in via malicious documents that require users to enable editing. Thus, if you receive or are asked to download a document that you can only view by enabling editing and if it comes unexpectedly or from someone you do not know, we recommend staying away from it. It is only safe to open data received via email or from the Internet if you know for sure where it comes from and if you are one hundred percent sure that it is malware-free. If you are not so sure, we advise scanning the suspicious file with a reliable antimalware tool before opening it or ignoring the file.

As mentioned earlier, GraceWire is an infostealer Trojan, which means that its task is to stay undetected for as long as possible and gather as much sensitive data as it can. Since it is unknown who Evil Corp could be targeting with this infostealer, it is possible that the malware could be collecting various sensitive information, for example, banking details, login credentials, and data alike from both organizations and regular users. Either way the malicious application seems to be highly dangerous and could put your privacy at risk. Researchers suspect that GraceWire could be used together with other malicious applications that might misuse the malware’s stolen information. For example, cybercriminals could infect devices with banking Trojans to steal victims’ money. Knowing that Evil Corp has stolen millions of dollars with banking Trojans in the past, it would not be a surprise. Therefore, cyber security specialist highly recommend ensuring that this infostealer Trojan does not get in.

What to do if you accidentally interact with content that drops GraceWire onto your system? You may want to try to remove the malicious application manually, but knowing that it can hide its presence, we believe that the process could be too challenging to handle even for experienced users. This is why our researchers advise employing a reliable antimalware tool that could eliminate GraceWire. All you would have to do is do a system scan and then press the displayed removal button to get rid of the detected Trojan and other issues. If you need someone to guide you through this process, you could use the instructions located at the end of this paragraph.

Remove GraceWire

1. Pick a legitimate antimalware tool.
2. Install your chosen antivirus tool on the infected device.
3. Allow it to perform a full system scan.
4. Review the identified items.
5. Click the removal button to erase them.