1025 matches found
IT threat evolution in Q2 2023. Mobile statistics
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
Triada Trojan in WhatsApp mod
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...
Kaspersky Security Bulletin 2020. Statistics
All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...
Kaspersky Security Bulletin 2018. Story of the year: miners
Kaspersky Security Bulletin 2018. Statistics Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Threat Predictions for 2019 Cryptocurrency miners that infect the computers of unsuspecting users essentially operate according to the same business model as...
Anomaly detection in certificate-based TGT requests
One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center KDC into granting access to the target companys network. An example of such an...
How cybercrime is impacting SMBs in 2023
According to the United Nations, small and medium-sized businesses SMBs constitute 90 percent of all companies and contribute 60 to 70 percent of all jobs in the world. They generate 50 percent of global gross domestic product and form the backbone of most countries economies. Hit hardest by the...
DeathStalker targets legal entities with new Janicab variant
Just to clarify, the above subheading isnt a normal quote, but a message that Janicab malware attempted to decode in its newest use of YouTube dead-drop resolvers DDRs. While hunting for less common Deathstalker intrusions that use the Janicab malware family, we identified a new Janicab variant...
The state of cryptojacking in the first three quarters of 2022
Cryptocurrency prices were dropping from the end of 2021 and throughout the first half of 2022. Although finance experts and retail investors estimate crypto to have a solid chance of recovery in the long term, at the time of writing this report the prices remain low. However, cybercriminals are...
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
Introduction Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely cras...
Telehealth: a new frontier in medicine—and security
Telehealth today doesnt just involve chatting with a doctor via a video-conferencing application. Its become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have...
GravityRAT: The spy returns
In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team CERT-IN first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, t...
Roaming Mantis dabbles in mining and phishing multilingually
In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...
Сrimeware and financial cyberthreats in 2025
Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...
CloudSorcerer – A new APT targeting Russian government entities
In May 2024, we discovered a new advanced persistent threat APT targeting Russian government entities that we dubbed CloudSorcerer. Its a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication 2FA is a security feature we have come to expect as standard by 2024. Most of todays websites offer some form of it, and some of them wont even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...
IT threat evolution in Q1 2024. Mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most commo...
A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
Introduction In todays interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable ...
Reassessing cyberwarfare. Lessons learned in 2022
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...
Healthcare security in 2021
The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of our last years predictions coming true much sooner than expected. As we...
Ghimob: a Tétrade threat actor moves to infect mobile devices
Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting...
IT threat evolution Q2 2020. Mobile statistics
IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. PC statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, the second quarter saw:...
Verizon’s 2020 DBIR
Verizon's 2020 DBIR is out, you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This...
Cryptocurrency threat predictions for 2019
Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cyberthreats to financial institutions 2019: overview and predictions Introduction – key events in 2018 2018 saw cryptocurrency become an established part of many people's lives, and a more...
Dark Tequila Añejo
Dark Tequila is a complex malicious campaign targeting Mexican users, with the primary purpose of stealing financial information, as well as login credentials to popular websites that range from code versioning repositories to public file storage accounts and domain registrars. A multi-stage...
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
Introduction During our routine threat monitoring, we uncovered a new phishing campaign tied to a previously unknown APT group that we dubbed Armored Likho also known as Eagle Werewolf based on circumstantial evidence. This targeted campaign focuses heavily on government agencies and the electric...
ToddyCat: your hidden email assistant. Part 2
Introduction We continue to share details on the malicious techniques and toolsets used by the ToddyCat APT group. In the first part of this report, we examined the group's attacks aimed at stealing data from browsers, as well as from local and cloud email services. The methods used in that...
An educational robot security research
In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can al...
HrServ – Previously unknown web shell used in APT attack
Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...
Indicators of compromise (IOCs): how we collect and use them
It would hardly be an exaggeration to say that the phrase "indicators of compromise" or IOCs can be found in every report published on the Securelist. Usually after the phrase there are MD5 hashes1, IP addresses and other technical data that should help information security specialists to counter...
BloodyStealer and gaming assets for sale
Earlier this year, we covered the threats related to gaming, and looked at the changes from 2020 and the first half of 2021 in mobile and PC games as well as various phishing schemes that capitalize on video games. Many of the threats faced by gamers are associated with loss of personal data, and...
Do cybercriminals play cyber games during quarantine?
Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. Some of these changes are definitely for the better, some are not very good, but almost all of them in some way affect digital security issues. We decided to take a closer...
The rise of mobile banker Asacub
We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015, when the first versions of the malware were detected, analyzed, and found to be more adept at spying than stealing funds. The Trojan has evolved since then, aided by a large-scale distribution campaign by its...
Threat Predictions for Financial Services and Fraud in 2018
The landscape in 2017 In 2017 we've seen fraud attacks in financial services become increasingly account-centric. Customer data is a key enabler for large-scale fraud attacks and the frequency of data breaches among other successful attack types has provided cybercriminals with valuable sources o...
Argamal: Malware hidden in hentai games
In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...
Head Mare and Twelve join forces to attack Russian entities
Introduction In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve...
Attackers exploiting a patched FortiClient EMS vulnerability in the wild
Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...
Cinterion EHS5 3G UMTS/HSPA Module Research
Modems play an important role in enabling connectivity for a wide range of devices. This includes not only traditional mobile devices and household appliances, but also telecommunication systems in vehicles, ATMs and Automated Process Control Systems APCS. When integrating the modem, many product...
Financial cyberthreats in 2023
Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...
How to catch a wild triangle
In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform KUMA SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting the iPhones and iPads of our colleagues. The moment we understood that there was a clear pattern in...
Money-making scripts attack organizations
In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal dat...
Minas – on the way to complexity
Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...
Copy-paste heist or clipboard-injector attacks on cryptousers
It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although we have written about a similar malware attack in 2017 in one of our blogpost...
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware surprise, surprise! definitely stands out. In this blog post, we provide several excerpts from last months reports...
Text-based fraud: from 419 scams to vishing
E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. But there is a specific class of attacks that is technically stuck somewhere in the late 90s/early 00s, in the era of CRT monitors and sluggish internet: we are...
IT threat evolution in Q1 2022. Mobile statistics
IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
SAS 2021: Operation Software Concepts
During the Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security Japan will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack...
Detecting unknown threats: a honeypot how-to
Catching threats is tricky business, especially in todays threat landscape. To tackle this problem, for many years сybersecurity researchers have been using honeypots – a well-known deception technique in the industry. Dan Demeter, Senior Security Researcher with Kasperskys Global Research and...
Web skimming with Google Analytics
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource. If the attack is successful, the cybercriminals gain access to...
Microcin is here
In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. What initially attracted our attention was the enterprise-grade API-like application programming interface programming style. Such an approach is n...
A study of car sharing apps
The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...