Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2022/08/15 12:0 p.m.27 views

IT threat evolution in Q2 2022. Mobile statistics

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...

7.2AI score
Exploits0
Securelist
Securelist
added 2022/08/10 10:0 a.m.27 views

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

In late August 2020, we published an overview of DeathStalkers profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns PowerPepper was later documented in 2020. Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/05/25 10:0 a.m.27 views

What’s wrong with automotive mobile apps?

Introduction The recent story about the 19-year-old hacker who took control of several dozen Tesla cars has become something of a sensation. We already know that there was an issue with a third-party app that enabled access to data from Teslas. This made it possible for the security researcher to...

0.9AI score
Exploits0
Securelist
Securelist
added 2021/11/17 10:0 a.m.27 views

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. Based on the collective knowledge and insights of our experts, w...

7.5AI score
Exploits0
Securelist
Securelist
added 2021/11/08 10:0 a.m.27 views

DDoS attacks in Q3 2021

News overview Q3 2021 brought two new DDoS attack vectors, potentially posing a serious threat, including for major web resources. A team of researchers from the University of Maryland and the University of Colorado Boulder found a way to spoof the victims IP address over TCP. To date,...

7.1AI score
Exploits0
Securelist
Securelist
added 2021/09/02 10:0 a.m.27 views

QakBot technical analysis

Main description QakBot, also known as QBot, QuackBot and Pinkslipbot, is a banking Trojan that has existed for over a decade. It was found in the wild in 2007 and since then it has been continually maintained and developed. In recent years, QakBot has become one of the leading banking Trojans...

Exploits0
Securelist
Securelist
added 2020/11/06 3:23 p.m.27 views

RansomEXX Trojan attacks Linux systems

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems. After the initial analysis we noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach ...

Exploits0
Securelist
Securelist
added 2018/06/01 9:0 a.m.27 views

Netkids

Children today are completely at home in the digital space. They use digital diaries and textbooks at school, communicate via instant messaging, play games on mobile devices not to mention PCs and consoles, and create mini masterpieces on tablets and laptops. This total immersion in the digital...

0.6AI score
Exploits0
Securelist
Securelist
added 2018/05/29 10:0 a.m.27 views

Trojan watch

We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned out attention to wearable devices:...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/12/06 9:0 a.m.27 views

Cybercriminals vs financial institutions in 2018: what to expect

Introduction – key events in 2017 2017 was a year of great changes in the world of cyberthreats facing financial organizations. Firstly, in 2017 we witnessed a continuation of cyberattacks targeting systems running SWIFT — a fundamental part of the world's financial ecosystem. Attackers were able...

7.2AI score
Exploits0
Securelist
Securelist
added 2025/06/09 10:0 a.m.26 views

Sleep with one eye open: how Librarian Ghouls steal data by night

Introduction Librarian Ghouls, also known as "Rare Werewolf" and "Rezet", is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targetin...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/11/29 10:0 a.m.26 views

IT threat evolution Q3 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations...

8.2AI score0.97798EPSS
Exploits49
Securelist
Securelist
added 2022/10/04 10:0 a.m.26 views

OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

While performing regular threat hunting activities, we identified multiple downloads of previously unclustered malicious Tor Browser installers. According to our telemetry, all the victims targeted by these installers are located in China. As the Tor Browser website is blocked in China, individua...

Exploits0
Securelist
Securelist
added 2022/05/27 8:0 a.m.26 views

IT threat evolution Q1 2022

IT threat evolution in Q1 2022 IT threat evolution in Q1 2022. Non-mobile statistics IT threat evolution in Q1 2022. Mobile statistics Targeted attacks MoonBounce: the dark side of UEFI firmware Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware...

6.8AI score
Exploits0
Securelist
Securelist
added 2022/05/23 10:0 a.m.26 views

ISaPWN – research on the security of ISaGRAF Runtime

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team RA PSIRT of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple...

2.2AI score
Exploits0
Securelist
Securelist
added 2021/11/26 12:0 p.m.26 views

IT threat evolution in Q3 2021. Mobile statistics

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersk...

6.9AI score
Exploits0
Securelist
Securelist
added 2021/09/03 10:0 a.m.26 views

Applied YARA training Q&A

Introduction On August 31, 2021 we ran a joint webinar between VirusTotal and Kaspersky, with a focus on YARA rules best practices and real world examples. If you didnt have the chance to watch the webinar live, you can see it as a recording on Brighttalk: Applied YARA training. During the webina...

7.2AI score
Exploits0
Securelist
Securelist
added 2018/05/23 10:0 a.m.26 views

Spam and phishing in Q1 2018

Quarterly highlights Data leaks Early 2018 will be remembered for a series of data leak scandals. The most high-profile saw Facebook CEO Mark Zuckerberg grilled by US Congress, with many public figures supporting the Delete Facebook campaign. As a result, Zuckerberg promised to get tough and make...

0.1AI score
Exploits0
Securelist
Securelist
added 2018/02/06 9:1 a.m.26 views

DDoS attacks in Q4 2017

News overview In terms of news about DDoS attacks, the last quarter of 2017 was livelier than the previous one. Some major botnets were discovered and destroyed. For instance, early December saw the FBI, Microsoft, and Europol team up to knock out the Andromeda botnet, in operation since 2011. In...

7.4AI score
Exploits0
Securelist
Securelist
added 2025/07/30 9:0 a.m.25 views

Cobalt Strike Beacon delivered via GitHub and social media

Introduction In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered...

7AI score
Exploits0
Securelist
Securelist
added 2025/06/11 10:0 a.m.25 views

Toxic trend: Another malware threat targets DeepSeek

Introduction DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/04/10 10:0 a.m.25 views

GOFFEE continues to attack organizations in Russia

GOFFEE is a threat actor that first came to our attention in early 2022. Since then, we have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/05/27 1:0 p.m.25 views

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, weve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI score
Exploits0
Securelist
Securelist
added 2024/03/19 10:0 a.m.25 views

Threat landscape for industrial automation systems. H2 2023

Global statistics across all threats In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year Selected industries In H2 2023, building...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/01/31 10:0 a.m.25 views

ICS and OT threat predictions for 2024

We do not expect rapid changes in the industrial cyberthreat landscape in 2024. Most of the below-described trends have been observed before, many for some years. However, some of them have reached a critical mass of creeping changes, which could lead to a qualitative shift in the threat landscap...

7.2AI score
Exploits0
Securelist
Securelist
added 2023/11/23 10:0 a.m.25 views

Consumer cyberthreats: predictions for 2024

In our previous summary of consumer predictions, we delved into tactics that we expected scammers and cybercriminals to use in 2023. As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaite...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/04/10 8:0 a.m.25 views

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

7.2AI score
Exploits0
Securelist
Securelist
added 2022/10/31 8:0 a.m.25 views

APT10: Tracking down LODEINFO 2022, part I

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. The...

7AI score
Exploits0
Securelist
Securelist
added 2022/09/23 8:0 a.m.25 views

Mass email campaign with a pinch of targeted spam

Most mass malicious mailing campaigns are very primitive and hardly diverse, with the content limited to several sentences offering the user to download archives that supposedly contain some urgent bills or unpaid fines. The email messages may contain no signatures or logos, with typos and other...

0.1AI score
Exploits0
Securelist
Securelist
added 2022/09/15 8:0 a.m.25 views

Self-spreading stealer attacks gamers via YouTube

UPD: A notice on Googles response to the issue was added. An unusual malicious bundle a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality recently caught our eye. Its main payload is the...

7.5AI score
Exploits0
Securelist
Securelist
added 2022/04/18 10:0 a.m.25 views

How to recover files encrypted by Yanluowang

Yanluowang is a type of targeted ransomware discovered by the Symantec Threat Hunter team as they were investigating an incident on a large corporate network. Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this...

0.9AI score
Exploits0
Securelist
Securelist
added 2021/09/13 11:0 a.m.25 views

Incident response analyst report 2020

Download full report PDF The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the...

1.4AI score
Exploits0
Securelist
Securelist
added 2026/07/01 10:0 a.m.24 views

The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign

UPD 03.07.2026: added a package of rules and recommendations that help detect the described malicious activity for companies using our Kaspersky SIEM system. Introduction To access compromised systems, threat actors frequently abuse legitimate remote monitoring tools. At first glance, these...

6.1AI score
Exploits0
Securelist
Securelist
added 2025/10/27 3:0 a.m.24 views

Mem3nt0 mori – The Hacking Team is back!

In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was...

10CVSS9.1AI score0.08404EPSS
Exploits6
Securelist
Securelist
added 2025/04/07 10:0 a.m.24 views

How ToddyCat tried to hide behind AV software

To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. For example, to hide their activity in Windows systems, cybercriminals...

8.4CVSS8.2AI score0.02014EPSS
Exploits0
Securelist
Securelist
added 2023/07/05 10:0 a.m.24 views

Email crypto phishing scams: stealing from hot and cold crypto wallets

The higher the global popularity of cryptocurrencies and the more new ways of storing them, the wider the arsenal of tools used by malicious actors who are after digital money. Scammers tailor the complexity of technology they use and the thoroughness of their efforts to imitate legitimate websit...

7.2AI score
Exploits0
Securelist
Securelist
added 2021/12/15 10:0 a.m.24 views

Kaspersky Security Bulletin 2021. Statistics

All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

2.1AI score
Exploits0
Securelist
Securelist
added 2021/11/29 10:0 a.m.24 views

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group also known as APT37 or Temp.Reaper is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, between others...

7.7AI score
Exploits0
Securelist
Securelist
added 2020/07/21 10:0 a.m.24 views

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/12/29 10:0 a.m.23 views

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the...

7.5AI score
Exploits0
Securelist
Securelist
added 2025/05/21 10:0 a.m.23 views

Dero miner zombies biting through Docker APIs to build a cryptojacking horde

Introduction Imagine a container zombie outbreak where a single infected container scans the internet for an exposed Docker API, and bites exploits it by creating new malicious containers and compromising the running ones, thus transforming them into new "zombies" that will mine for Dero currency...

7.9AI score
Exploits0
Securelist
Securelist
added 2024/12/19 10:0 a.m.23 views

Lazarus group evolves its infection chain with old and new malware

Over the past few years, the Lazarus group has been distributing its malicious software by exploiting fake job opportunities targeting employees in various industries, including defense, aerospace, cryptocurrency, and other global sectors. This attack campaign is called the DeathNote campaign and...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/11/28 10:0 a.m.23 views

APT trends report Q3 2024

Kaspersky's Global Research and Analysis Team GReAT has been releasing quarterly summaries of advanced persistent threat APT activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we've published and discussed in more...

7.8CVSS7.5AI score0.11977EPSS
Exploits2
Securelist
Securelist
added 2024/10/23 11:0 a.m.23 views

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Introduction Lazarus APT and its BlueNoroff subgroup are a highly sophisticated and multifaceted Korean-speaking threat actor. We closely monitor their activities and quite often see them using their signature malware in their attacks — a full-feature backdoor called Manuscrypt. According to our...

9.6CVSS7.7AI score0.15111EPSS
Exploits2
Securelist
Securelist
added 2024/08/22 10:0 a.m.23 views

Memory corruption vulnerabilities in Suricata and FreeRDP

As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client KTC and Kaspersky IoT Secure Gateway KISG. As part of the pre-release...

9.8CVSS8.3AI score0.0375EPSS
Exploits1
Securelist
Securelist
added 2024/05/22 10:0 a.m.23 views

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers see here, here and here, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid a new...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/04/17 10:0 a.m.23 views

SoumniBot: the new Android banker’s unique techniques

The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception. As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/08/10 8:0 a.m.23 views

Common TTPs of attacks against industrial organizations

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and...

7.7AI score
Exploits0
Securelist
Securelist
added 2023/06/28 10:0 a.m.23 views

Andariel’s silly mistakes and a new malware family

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. During the same period, Andariel also actively exploited the Log4j vulnerability as reported by Talos and Ahnlab. Their campaign introduced several new malware...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/03/30 10:0 a.m.23 views

Selecting the right MSSP: Guidelines for making an objective decision

Managed Security Service Providers MSSPs have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit ...

6.5AI score
Exploits0
Total number of security vulnerabilities1025