Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2017/12/05 10:0 a.m.30 views

Kaspersky Security Bulletin: Review of the Year 2017

Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...

6.9AI score
Exploits0
Securelist
Securelist
added 2026/04/13 9:0 a.m.29 views

JanelaRAT: a financial threat targeting users in Latin America

Background JanelaRAT is a malware family that takes its name from the Portuguese word "janela" which means "window". JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/05/30 12:0 p.m.29 views

Exploits and vulnerabilities in Q1 2025

The first quarter of 2025 saw the continued publication of vulnerabilities discovered and fixed in 2024, as some researchers were previously unable to disclose the details. This partially shifted the focus away from vulnerabilities that received new CVE-2025-NNNNN identifiers. The nature of the C...

9.3CVSS9AI score0.99945EPSS
Exploits351
Securelist
Securelist
added 2025/04/17 8:0 a.m.29 views

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Day after day, threat actors create new malware to use in cyberattacks. Each of these new implants is developed in its own way, and as a result gets its own destiny – while the use of some malware families is reported for decades, information about others disappears after days, months or several...

7.8CVSS8AI score0.73381EPSS
Exploits11
Securelist
Securelist
added 2025/02/26 10:0 a.m.29 views

Exploits and vulnerabilities in Q4 2024

Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept PoC instances decreased compared to 2023. Among notable techniques in Q4, attackers leveraged...

8.8CVSS10AI score0.99945EPSS
Exploits249
Securelist
Securelist
added 2024/12/09 10:0 a.m.29 views

Story of the Year: global IT outages and supply chain attacks

A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale...

7.8CVSS7.6AI score0.51865EPSS
Exploits13
Securelist
Securelist
added 2024/09/23 10:0 a.m.29 views

How the Necro Trojan infiltrated Google Play, again

Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don't have. Unfortunately, it's not uncommon for popular mods to...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/09/03 8:0 a.m.29 views

IT threat evolution in Q2 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q2 2024: Kaspersky solutions blocked over 664 million attacks from various internet sources. The web antivirus...

9.8CVSS7.7AI score0.99987EPSS
Exploits64
Securelist
Securelist
added 2023/06/15 10:0 a.m.29 views

Understanding Malware-as-a-Service

Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercrimina...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/12 10:0 a.m.29 views

Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

Introduction Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/06/05 10:0 a.m.29 views

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/04/13 8:0 a.m.29 views

Uncommon infection methods—part 2

Introduction Although ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the rece...

7.3AI score
Exploits0
Securelist
Securelist
added 2022/12/06 10:0 a.m.29 views

Main phishing and scamming trends and techniques

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on...

7AI score
Exploits0
Securelist
Securelist
added 2022/07/28 12:0 p.m.29 views

LofyLife: malicious npm packages steal Discord tokens and bank card data

On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager npm repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/06/02 10:0 a.m.29 views

WinDealer dealing on the side

Introduction LuoYu is a lesser-known threat actor that has been active since 2008. It primarily goes after targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and...

0.2AI score
Exploits0
Securelist
Securelist
added 2022/05/17 2:0 p.m.29 views

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions1. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...

7AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.29 views

Threats to ICS and industrial enterprises in 2022

Continuing trends In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming yea...

7.3AI score
Exploits0
Securelist
Securelist
added 2021/09/09 10:0 a.m.29 views

Threat landscape for industrial automation systems in H1 2021

The H1 2021 ICS threat report at a glance Percentage of ICS computers attacked 1. During the first half of 2021 H1 2021, the percentage of attacked ICS computers was 8%, which was 0.4 percentage points p.p. higher than that for H2 2020. Percentage of ICS computers on which malicious objects were...

2AI score
Exploits0
Securelist
Securelist
added 2020/07/08 12:0 p.m.29 views

Redirect auction

Weve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/02/27 2:0 p.m.29 views

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group's attack methods have improved and new targets continuously added in order to steal more funds. The attackers' focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis...

0.5AI score
Exploits0
Securelist
Securelist
added 2018/02/08 10:0 a.m.29 views

A vulnerable driver: lesson almost learned

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address space were constantly being triggered, and an executable file was being flagged for further analysis. At first, it looked like...

8.2AI score
Exploits0
Securelist
Securelist
added 2017/11/15 10:2 a.m.29 views

Threat Predictions for Connected Health in 2018

The landscape in 2017 In 2017, Kaspersky Lab research revealed the extent to which medical information and patient data stored within the connected healthcare infrastructure is left unprotected and accessible online for any motivated cybercriminal to discover. For example, we found open access to...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/06/27 11:1 a.m.29 views

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus Trojan-Spy.Win32.Zbot, based on classification of "Kaspersky Lab", which continues to spawn new...

6.9AI score
Exploits0
Securelist
Securelist
added 2024/12/18 10:0 a.m.28 views

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

About C.A.S C.A.S Cyber Anarchy Squad is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group's attacks exploit vulnerabilities in publicly available...

8.4AI score
Exploits0
Securelist
Securelist
added 2024/05/23 9:0 a.m.28 views

A journey into forgotten Null Session and MS-RPC interfaces

A journey into forgotten Null Session and MS-RPC interfaces PDF It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Most often, attackers leveraged null sessio...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/12/05 10:0 a.m.28 views

BlueNoroff: new Trojan attacking macOS users

We recently discovered a new variety of malicious loader that targets macOS, presumably linked to the BlueNoroff APT gang and its ongoing campaign known as RustBucket. The threat actor is known to attack financial organizations, particularly companies, whose activity is in any way related to...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/09/08 10:0 a.m.28 views

Evil Telegram doppelganger attacks Chinese users

UPDATE 11.09.2023. Google has informed us that all the apps were deleted from the Google Play store A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a...

7AI score
Exploits0
Securelist
Securelist
added 2023/06/01 12:36 p.m.28 views

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform KUMA, we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS device...

7AI score
Exploits0
Securelist
Securelist
added 2022/12/22 8:0 a.m.28 views

Ransomware and wiper signed with stolen certificates

Introduction On July 17, 2022, Albanian news outlets reported a massive cyberattack that affected Albanian government e-services. A few weeks later, it was revealed that the cyberattacks were part of a coordinated effort likely intended to cripple the countrys computer systems. On September 10,...

1.1AI score
Exploits0
Securelist
Securelist
added 2022/11/25 8:0 a.m.28 views

Who tracked internet users in 2021–2022

Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send...

1.2AI score
Exploits0
Securelist
Securelist
added 2022/09/28 8:0 a.m.28 views

Prilex: the pricey prickle credit card complex

Prilex is a Brazilian threat actor that has evolved out of ATM-focused malware into modular point-of-sale malware. The group was behind one of the largest attacks on ATMs in the country, infecting and jackpotting more than 1,000 machines, while also cloning in excess of 28,000 credit cards that...

0.4AI score
Exploits0
Securelist
Securelist
added 2022/07/06 10:0 a.m.28 views

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object ...

6.7AI score
Exploits0
Securelist
Securelist
added 2022/06/15 10:0 a.m.28 views

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion using ransomware and carding. However, there is demand on the dark web not only for data obtained through an...

Exploits0
Securelist
Securelist
added 2020/09/29 2:0 p.m.28 views

Why master YARA: from routine to extreme threat hunting cases. Follow-up

On 3rd of September, we were hosting our "Experts Talk. Why master YARA: from routine to extreme threat hunting cases", in which several experts from our Global Research and Analysis Team and invited speakers shared their best practices on YARA usage. At the same time, we also presented our new...

6.8AI score
Exploits0
Securelist
Securelist
added 2018/03/28 10:0 a.m.28 views

Your new friend, KLara

While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools ar...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/06/26 9:0 a.m.28 views

KSN Report: Ransomware in 2016-2017

This report has been prepared using depersonalized data processed by Kaspersky Security Network KSN. The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into t...

7.2AI score
Exploits0
Securelist
Securelist
added 2026/07/06 9:0 a.m.27 views

When checking the URL isn’t enough: a Device Code Phishing attack via a Microsoft website

One of the most common pieces of anti-phishing advice is to double-check the website's domain name before providing your credentials. Typically, a fraudulent domain stands out to the trained eye, differing from the official URL by at least a few characters. Recently, however, we encountered a...

6AI score
Exploits0
Securelist
Securelist
added 2025/03/19 10:0 a.m.27 views

Arcane stealer: We want all your data

At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/01/30 8:0 a.m.27 views

No need to RSVP: a closer look at the Tria stealer campaign

Introduction Since mid-2024, we've observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app APK, which we have named "Tria Stealer" after unique strings found in campaign samples. The primary targets of the...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/10/07 10:0 a.m.27 views

Awaken Likho is awake: new techniques of an APT group

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/08/20 12:0 p.m.27 views

Approach to mainframe penetration testing on z/OS

Information technology is developing at a rapid pace, with completely new areas emerging, such as DevOps and DevSecOps – and were striving to keep up. However, in some projects, you may encounter systems built on rather outdated principles. Such systems must be approached with care, since a singl...

10CVSS7.6AI score0.04397EPSS
Exploits1
Securelist
Securelist
added 2024/05/27 10:0 a.m.27 views

Threat landscape for industrial automation systems, Q1 2024

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of IC...

7.5AI score
Exploits0
Securelist
Securelist
added 2024/04/15 10:0 a.m.27 views

Using the LockBit builder to generate targeted ransomware

The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks mo...

7.8AI score
Exploits0
Securelist
Securelist
added 2024/03/20 11:0 a.m.27 views

Android malware, Android malware and more Android malware

Introduction Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023s most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/02/26 8:0 a.m.27 views

The mobile malware threat landscape in 2023

The figures above are based on detection statistics received from Kaspersky users who consented to sharing usage data with Kaspersky Security Network. The data for years preceding 2023 may differ from that published previously, as the calculation methodology was refined, and the data was...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/04/17 10:0 a.m.27 views

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family aka QakBot, QuackBot, and Pinkslipbot. The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and...

6.7AI score
Exploits0
Securelist
Securelist
added 2023/04/12 8:0 a.m.27 views

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, well focus on an active cluster that we dubbed DeathNote because the malware responsible for...

8.1AI score
Exploits0
Securelist
Securelist
added 2022/11/15 10:0 a.m.27 views

DTrack activity targeting Europe and Latin America

Introduction DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019, the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. For example, weve seen it being used in financial environments where ATMs were breached, in...

6.8AI score
Exploits0
Securelist
Securelist
added 2022/08/15 12:0 p.m.27 views

IT threat evolution in Q2 2022. Mobile statistics

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.2AI score
Exploits0
Securelist
Securelist
added 2022/08/10 10:0 a.m.27 views

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

In late August 2020, we published an overview of DeathStalkers profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns PowerPepper was later documented in 2020. Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering...

0.1AI score
Exploits0
Total number of security vulnerabilities1025