Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2018/07/20 10:0 a.m.50 views

Calisto Trojan for macOS

An interesting aspect of studying a particular piece of malware is tracing its evolution and observing how the creators gradually add new monetization or entrenchment techniques. Also of interest are developmental prototypes that have had limited distribution or not even occurred in the wild. We...

Exploits0
Securelist
Securelist
added 2018/02/21 2:0 p.m.50 views

Disappearing bytes: Reverse engineering the MS Office RTF parser

Microsoft Office was a prime target for attacks in 2017. As well as the large number of vulnerabilities discovered and proof-of-concept exploits published, malware authors felt it necessary to prevent detection of 'one-day' and 'old-day' exploits by antivirus software. It also became clear that...

7AI score
Exploits0
Securelist
Securelist
added 2017/11/21 10:0 a.m.50 views

Threat Predictions for Connected Life in 2018

Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018 Introduction: To be awake is to be online The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet sever...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/09/04 10:0 a.m.49 views

Mallox ransomware: in-depth analysis and evolution

Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, th...

8.8CVSS7AI score0.99022EPSS
Exploits15
Securelist
Securelist
added 2019/12/11 10:0 a.m.49 views

Story of the year 2019: Cities under ransomware siege

Ransomware has been targeting the private sector for years now. Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three year...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/09/28 8:0 a.m.48 views

A cryptor, a stealer and a banking trojan

Introduction As long as cybercriminals want to make money, theyll keep making malware, and as long as they keep making malware, well keep analyzing it, publishing reports and providing protection. Last month we covered a wide range of cybercrime topics. For example, we published a private report ...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/07/28 10:0 a.m.48 views

APT trends report Q2 2022

For five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and...

0.1AI score
Exploits0
Securelist
Securelist
added 2021/09/30 10:0 a.m.48 views

GhostEmperor: From ProxyLogon to kernel mode

Download GhostEmperors technical details PDF While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...

1.3AI score
Exploits0
Securelist
Securelist
added 2020/06/15 10:0 a.m.48 views

Explicit content and cyberthreats: 2019 report

'Stay at home' is the new motto for 2020 and it has entailed many changes to our daily lives, most importantly, in terms of our digital content consumption. With users opting to entertain themselves online, malicious activity has grown. Over the past two years we have reviewed how adult content h...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/02/28 10:0 a.m.48 views

Financial Cyberthreats in 2017

In 2017, we saw a number of changes to the world of financial threats and new actors emerging. As we have previously noted, fraud attacks in financial services have become increasingly account-centric. User data is a key enabler for large-scale fraud attacks, and frequent data breaches - among...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/10/04 10:0 a.m.48 views

The Festive Complexities of SIGINT-Capable Threat Actors

To read the full paper and learn more about this, refer to "Walking in Your Enemy's Shadow: When Fourth-Party Collection Becomes Attribution Hell" Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt manipulation have proven enough...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/11/26 10:0 a.m.47 views

Analysis of Elpaco: a Mimic variant

Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...

7.9AI score0.99512EPSS
Exploits75
Securelist
Securelist
added 2019/11/25 10:46 a.m.47 views

Unwanted notifications in browser

When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achie...

0.4AI score
Exploits0
Securelist
Securelist
added 2019/11/21 10:0 a.m.47 views

The cybercrime ecosystem: attacking blogs

Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat...

8.4AI score
Exploits0
Securelist
Securelist
added 2025/04/24 5:0 a.m.46 views

Operation SyncHole: Lazarus APT goes back to the well

We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. The campaign, dubbed "Operation SyncHole...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/04/21 12:0 p.m.46 views

Lumma Stealer – Tracking distribution channels

Introduction The evolution of Malware-as-a-Service MaaS has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/09/03 8:0 a.m.46 views

IT threat evolution Q2 2024

Targeted attacks XZ backdoor: a supply chain attack in the making On March 29, a message on the Openwall oss-security mailing list announced the discovery of a backdoor in XZ, a compression utility included in many popular Linux distributions. The backdoored library is used by the OpenSSH server...

10CVSS9.5AI score0.85974EPSS
Exploits42
Securelist
Securelist
added 2024/03/05 8:0 a.m.46 views

Network tunneling with… QEMU?

Cyberattackers tend to give preference to legitimate tools when taking various attack steps, as these help them evade detection systems while keeping malware development costs down to a minimum. Network scanning, capturing a process memory dump, exfiltrating data, running files remotely, and even...

7.8AI score
Exploits0
Securelist
Securelist
added 2023/12/21 10:0 a.m.46 views

Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)

This is the second part of our study about the Common Log File System CLFS and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous part first if you havent already. You can skip to the other parts using this tab...

7.2CVSS8AI score0.81107EPSS
Exploits14
Securelist
Securelist
added 2021/06/01 10:0 a.m.46 views

Kids on the Web in 2021: Infinite creativity

For over a year weve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic affected peoples lifestyles, it has also accelerated the development and implementation of technologies that make it easier for us to complete everyday and work-related tasks. We no longer need...

Exploits0
Securelist
Securelist
added 2021/03/12 10:0 a.m.46 views

Good old malware for the new Apple Silicon platform

Introduction A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/07/16 10:0 a.m.46 views

The Streaming Wars: A Cybercriminal’s Perspective

Cyberthreats are not relegated to the world of big businesses and large-scale campaigns. The most frequent attacks are not APTs and massive data breaches: they are the daily encounters with malware and spam by common users. And, one of the areas where we are most vulnerable is...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/12/04 10:0 a.m.46 views

Kaspersky Security Bulletin 2018. Statistics

Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Story of the year: miners Kaspersky Security Bulletin 2018. Threat Predictions for 2019 All the statistics used in this report were obtained using Kaspersky Security Network KSN, a distributed antivirus netwo...

1.6AI score
Exploits0
Securelist
Securelist
added 2017/11/08 10:0 a.m.46 views

Using legitimate tools to hide malicious code

The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process. Typically, malware that uses concealment techniques injects its code into a system process, e.g...

7.2AI score
Exploits0
Securelist
Securelist
added 2017/07/12 9:29 a.m.46 views

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. … Small and broken groups and sub-groups will finally tend to disappear. Charles Darwin. 'On the Origin of Species' The golden age of Trojans and viruses h...

6.8AI score
Exploits0
Securelist
Securelist
added 2023/04/27 10:0 a.m.45 views

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/04/05 10:0 a.m.45 views

The Telegram phishing market

Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging apps handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is...

6.6AI score
Exploits0
Securelist
Securelist
added 2022/12/09 1:0 p.m.45 views

How to train your Ghidra

Getting started with Ghidra For about two decades, being a reverse engineer meant that you had to master the ultimate disassembly tool, IDA Pro. Over the years, many other tools were created to complement or directly replace it, but only a few succeeded. Then came the era of decompilation, adding...

7.1AI score
Exploits0
Securelist
Securelist
added 2022/04/12 9:0 a.m.45 views

The State of Stalkerware in 2021

The state of stalkerware in 2021 PDF Main findings of 2021 Every year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner with stakeholders across public and private sectors to raise awareness and find solutions to best tackle this...

1.1AI score
Exploits0
Securelist
Securelist
added 2022/03/31 12:0 p.m.45 views

Lazarus Trojanized DeFi app for delivering malware

For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token NFT and decentralized finance DeFi businesses continues to swell, the Lazarus...

7.4AI score
Exploits0
Securelist
Securelist
added 2020/01/23 10:0 a.m.45 views

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell int...

7AI score
Exploits0
Securelist
Securelist
added 2018/11/22 10:0 a.m.45 views

The Rotexy mobile Trojan – banker and ransomware

On the back of a surge in Trojan activity, we decided to carry out an in-depth analysis and track the evolution of some other popular malware families besides Asacub. One of the most interesting and active specimens to date was a mobile Trojan from the Rotexy family. In a three-month period from...

6.7AI score
Exploits0
Securelist
Securelist
added 2018/10/31 9:0 a.m.45 views

DDoS Attacks in Q3 2018

News Overview The third quarter 2018 turned out relatively quiet in terms of DDoS attacks. "Relatively" because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/09/20 10:0 a.m.45 views

Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools RAT for PCs installed on operational technology OT networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had use...

1.3AI score
Exploits0
Securelist
Securelist
added 2018/04/16 8:30 a.m.45 views

Roaming Mantis uses DNS hijacking to infect Android smartphones

In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. According to ou...

7.1AI score
Exploits0
Securelist
Securelist
added 2017/11/15 10:0 a.m.45 views

Threat Predictions for Industrial Security in 2018

The landscape in 2017 2017 was one of the most intense in terms of incidents affecting the information security of industrial systems. Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/05/28 10:0 a.m.44 views

Trusted relationship attacks: trust, but verify

IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/05/14 5:14 p.m.44 views

QakBot attacks with Windows zero-day (CVE-2024-30051)

In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a...

7.8CVSS8.4AI score0.11977EPSS
Exploits2
Securelist
Securelist
added 2024/04/22 10:0 a.m.44 views

ToddyCat is making holes in your infrastructure

We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files LoFiSe and PcExter. This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts th...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/05/19 10:30 a.m.44 views

CloudWizard APT: the bad magic story goes on

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/05/11 8:0 a.m.44 views

New ransomware trends in 2023

Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M...

7.6AI score0.0025EPSS
Exploits0
Securelist
Securelist
added 2022/12/05 10:0 a.m.44 views

Crimeware trends: self-propagation and driver exploitation

Introduction If one sheep leaps over the ditch, the rest will follow. This is an old saying, found in various languages, and it can be applied to ransomware developers. In previous blog posts, we highlighted an increase in the popularity of platform-independent languages and ESXi support, and...

9.7AI score0.0025EPSS
Exploits0
Securelist
Securelist
added 2021/03/15 10:0 a.m.44 views

COVID-19: Examining the threat landscape a year later

A year ago — everything changed. In an effort to stem the tide of a rapidly spreading pandemic, the world shut down. Shops were forced to shut their doors, and whole countries were placed on stringent lockdowns. Schools were closed around the world, with more than one billion children affected, a...

7AI score
Exploits0
Securelist
Securelist
added 2020/04/22 8:0 a.m.44 views

SAS, sweet SAS

As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/12/17 12:0 p.m.44 views

OilRig’s Poison Frog – old samples, same trick

After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Poison Frog We're not quite sure whether...

7.6AI score
Exploits0
Securelist
Securelist
added 2018/10/11 7:30 a.m.44 views

Threats in the Netherlands

Introduction On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPWC in the Netherlands, allegedly by the advanced threat actor Sofacy also known as APT28 or Fancy Bear, among others. According to the MIVD, four suspects were caught red handed trying to...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/09/10 10:0 a.m.44 views

LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company

What happened? Since March 2018 we have discovered several infections where a previously unknown Trojan was injected into the lsass.exe system process memory. These implants were injected by the digitally signed 32- and 64-bit network filtering driver NDISProxy. Interestingly, this driver is sign...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/05/28 10:0 a.m.44 views

2018 Fraud World Cup

There are only two weeks to go before the start of the massive soccer event — FIFA World Cup. This championship has already attracted the attention of millions worldwide, including a fair few cybercriminals. Long before kick-off, email accounts began bulging with soccer-related spam, and scammers...

7AI score
Exploits0
Securelist
Securelist
added 2017/12/14 10:0 a.m.44 views

Kaspersky Security Bulletin. Overall statistics for 2017

All the statistics used in this report were obtained using Kaspersky Security Network KSN, a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213...

6.8AI score
Exploits0
Securelist
Securelist
added 2017/11/23 10:0 a.m.44 views

Android commercial spyware

There's certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method. There's no need to even resort to Tor Browser or other darknet...

7.1AI score
Exploits0
Total number of security vulnerabilities1025