Attention: We have transitioned to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access. While the app may appear unverified, you can confirm its legitimacy by verifying the App ID provided.
3 entries found.
Win32/Ghokswa
Windows Defender detects and removes this unwanted software.
This threat installs a modified version of Chrome and/or Firefox browsers, replacing any existing copy of these that were already installed on the system.
These modified copies have different search and home page settings that the user may be unable to change, and update components that may download additional unwanted software.
This threat is usually installed by Trojan:Win32/Xadupi.
This threat is part of a suite of malware and unwanted software families that is also called "Fireball". Read about this threat group in the Windows Security blog:
Understanding the true size of “Fireball”
Find out ways that malware can get on your PC.
Alert level:
severe
PUA:Win32/Ghokswa
Alert level:
severe
Trojan:Win32/Ghokswa
Alert level:
severe