1025 matches found
Pocket cryptofarms
In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of...
SideWinder targets the maritime and nuclear sectors with an updated toolset
Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw...
IT threat evolution Q1 2024
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Targeted attacks Operation Triangulation: the final mystery Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware platfo...
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught our...
Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...
The state of stalkerware in 2022
The state of stalkerware in 2022 PDF Main findings of 2022 The State of Stalkerware is an annual report by Kaspersky which contributes to a better understanding of how many people in the world are affected by digital stalking. Stalkerware is a commercially available software that can be discretel...
Mobile subscription Trojans and their little tricks
Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans specializing in secretly subscribing users to paid services. They usually pay for legitimate services in a users name and scammers take a cut from the money billed...
Trickbot module descriptions
Trickbot aka TrickLoader or Trickster, is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Trickbot was first discovered in October 2016. Just like Dyre, its main functionality was initially th...
Lookalike domains and how to outfox them
Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to...
Transparent Tribe: Evolution analysis,part 1
Background and key findings Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. Proofpoint published a very good article about them in 2016, and since that day, we have kept an eye on the group. We have...
Cyberthreats to financial institutions 2019: overview and predictions
Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cryptocurrency threat predictions for 2019 Introduction – key events in 2018 The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...
Black Friday alert
Banking Trojans traditionally target users of online financial services; looking for financial data to steal or building botnets out of hacked devices for future attacks. However, over time, several of these banking Trojans have enhanced their functionality, launching new variants and extending...
BellaCPP: Discovering a new BellaCiao variant written in C++
Introduction BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor...
LianSpy: new Android spyware targeting Russian users
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote"; and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...
Cracked software beats gold: new macOS backdoor stealing cryptowallets
A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new...
IT threat evolution in Q3 2023. Mobile statistics
IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
The outstanding stealth of Operation Triangulation
Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, weve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats ...
Threat in your browser: what dangers innocent-looking extensions hold for users
Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular. Chrome, Safari, Mozilla — these and many other major Web browsers —...
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be or already is facing, and what to expect from cybercriminals in 2021. Random infections 1. Infections will tend to be less random or have non-random follow-ups, as cybercriminals have spent the past several years...
Black Friday Alert 2019: Net Shopping Bag of Threats
Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a...
What are botnets downloading?
Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes...
Threat Predictions for Cryptocurrencies in 2018
The landscape in 2017 Today, cryptocurrency is no longer only for computer geeks and IT pros. It's starting to affect people's daily life more than they realize. At the same time, it is fast becoming an attractive target for cybercriminals. Some cyberthreats have been inherited from e-payments,...
Head Mare: adventures of a unicorn in Russia and Belarus
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X formerly Twitter1. In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops...
The State of Stalkerware in 2023–2024
The State of Stalkerware in 2023 PDF The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost hal...
IoC detection experiments with ChatGPT
ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such a...
Prilex modification now targeting contactless credit card transactions
Prilex is a singular threat actor that has evolved from ATM-focused malware into unique modular PoS malware—actually, the most advanced PoS threat we have seen so far, as described in a previous article. Forget about those old memory scrapers seen in PoS attacks. Prilex goes beyond these, and it...
DDoS attacks in Q2 2022
News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel s...
A Bad Luck BlackCat
In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service RaaS group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around t...
Lazarus on the hunt for big game
We may only be six months in, but theres little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...
Cybersecurity of connected healthcare 2020: Overview and predictions
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 5G technology predictions 2020 Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions More than two years after the infamous Wannacry ransomware crippled medical facilities and...
5G technology predictions 2020
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions It is estimated that data will reach 175 zettabytes...
How we hacked our colleague’s smart home
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology compa...
Operation Parliament, who is doing what?
Summary Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative,...
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In a recent incident response IR case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and...
State of ransomware in 2024
Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – ...
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...
Story of the year: the impact of AI on cybersecurity
In the whirlwind of technological advancements and societal transformations, the term "AI" has undoubtedly etched itself into the forefront of global discourse. Over the past twelve months, this abbreviation has resonated across innumerable headlines, business surveys and tech reports, firmly...
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearl...
Dissecting TriangleDB, a Triangulation spyware implant
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a...
Developing an incident response playbook
An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner...
Malvertising through search engines
In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...
BlueNoroff introduces new methods bypassing MoTW
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the groups activities and this October we observed the adoption of new...
Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response MDR team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...
Threat Landscape for Industrial Automation Systems in H1 2018
For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...
Loki Bot: On a hunt for corporate passwords
Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware's key objective is to steal passwords from browsers,...
ChatGPT at work: how chatbots help employees, but threaten business
Workhorse Only a few months ago, ChatGPT and other chatbots based on large language models LLMs were still a novelty. Users enjoyed using them to compose poems and lyrics in the style of famous artists which left Nick Cave, for example, decidedly unimpressed, researchers debated blowing up data...