Lucene search
K
SecurelistMost viewed

1025 matches found

Securelist
Securelist
added 2022/09/26 8:0 a.m.23 views

NullMixer: oodles of Trojans in a single dropper

Executive Summary NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that can be found mainly via search engines. These websites are often related to crack, keygen and activators for downloading software illegally,...

Exploits0
Securelist
Securelist
added 2022/08/25 1:0 a.m.23 views

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky also known as Thallium, Black Banshee and Velvet Chollima is a prolific and active threat actor primarily targeting Korea-related entities. Like other sophisticated adversaries, this group also updates its tools very quickly. In early 2022, we observed this group was attacking the media a...

7AI score
Exploits0
Securelist
Securelist
added 2021/09/16 10:0 a.m.23 views

Summer 2021: Friday Night Funkin’, Måneskin and pop it

This summer, several events that were postponed from 2020 due to the pandemic took place. Some of them interested children, while others barely registered by them. It is worth noting that childrens hobbies typically do not change from winter to summer — the only difference is that they devote mor...

6.6AI score
Exploits0
Securelist
Securelist
added 2017/06/08 8:58 a.m.23 views

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as...

7.5AI score
Exploits0
Securelist
Securelist
added 2026/06/02 12:0 p.m.22 views

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

5.6AI score
Exploits0
Securelist
Securelist
added 2025/11/28 7:0 a.m.22 views

Tomiris wreaks Havoc: New tools and techniques of the APT group

While tracking the activities of the Tomiris threat actor, we identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic...

8.5AI score
Exploits0
Securelist
Securelist
added 2025/05/28 10:0 a.m.22 views

Zanubis in motion: Tracing the active evolution of the Android banking malware

Introduction Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is impersonating legitimate Peruvian...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/10/22 6:0 p.m.22 views

Grandoreiro, the global trojan with grandiose goals

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim's computer to bypass the security measures of banking institutions. It's been active since at least 2016 and is now one of...

7.4AI score
Exploits0
Securelist
Securelist
added 2023/09/27 10:0 a.m.22 views

QR codes in email phishing

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you dont see lots of QR cod...

7.1AI score
Exploits0
Securelist
Securelist
added 2023/08/25 10:0 a.m.22 views

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service RaaS program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...

7.3AI score
Exploits0
Securelist
Securelist
added 2023/03/27 8:0 a.m.22 views

How scammers employ IPFS for email phishing

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, whe...

6.3AI score
Exploits0
Securelist
Securelist
added 2023/01/30 10:0 a.m.22 views

Come to the dark side: hunting IT professionals on the dark web

The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded...

7.6AI score
Exploits0
Securelist
Securelist
added 2023/01/23 10:0 a.m.22 views

What your SOC will be facing in 2023

As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers SOCs is becoming paramount. This years Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first par...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/12/01 11:0 a.m.22 views

Kaspersky Security Bulletin 2022. Statistics

All statistics in this report are from the global cloud service Kaspersky Security Network KSN, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...

2.1AI score
Exploits0
Securelist
Securelist
added 2022/10/17 6:37 p.m.22 views

DiceyF deploys GamePlayerFramework in online casino development studio

The Hacktivity 2022 security festival was held at the MOM Cultural Center in Budapest, Hungary, over two days, October 6-7th 2022. One of several presentations by our GReAT researchers included an interesting set of APT activity targeting online casino development and operations environments in...

0.8AI score
Exploits0
Securelist
Securelist
added 2022/06/20 10:0 a.m.22 views

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Introduction When reports of a cyberattack appear in the headlines, questions abound regarding who launched it and why. Even if an attacker has what are to it perfectly rational reasons for conducting such an attack, these reasons are often known only to them. The rest of the world, including the...

Exploits0
Securelist
Securelist
added 2022/06/08 10:0 a.m.22 views

Router security in 2021

A router is a gateway from the internet to a home or office — despite being conceived quite the opposite. Routers are forever being hacked and infected, and used to infiltrate local networks. Keeping this gate locked so that no one can stroll right through is no easy task. It is not always clear...

0.2AI score
Exploits0
Securelist
Securelist
added 2021/12/20 10:0 a.m.22 views

How and why do we attack our own Anti-Spam?

We often use machine-learning ML technologies to improve the quality of cybersecurity systems. But machine-learning models can be susceptible to attacks that aim to "fool" them into delivering erroneous results. This can lead to significant damage to both our company and our clients. Therefore, i...

0.1AI score
Exploits0
Securelist
Securelist
added 2021/09/29 2:45 p.m.22 views

DarkHalo after SolarWinds: the Tomiris connection

Background In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile natur...

7AI score
Exploits0
Securelist
Securelist
added 2021/09/21 11:0 a.m.22 views

Detection evasion in CLR and tips on how to detect such attacks

In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks and ethical offensive exercises use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called...

7.9AI score
Exploits0
Securelist
Securelist
added 2020/06/23 10:0 a.m.22 views

Oh, what a boot-iful mornin’

In mid-April, our threat monitoring systems detected malicious files being distributed under the name "on the new initiative of the World Bank in connection with the coronavirus pandemic" in Russian with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. There is nothin...

7.7AI score
Exploits0
Securelist
Securelist
added 2026/06/01 10:0 a.m.21 views

Containers on fire: from container escapes to supply chain attacks

Introduction Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for efficient automation. However, as containers grow in popularity...

9.3CVSS7.7AI score0.9857EPSS
Exploits61
Securelist
Securelist
added 2025/07/21 8:0 a.m.21 views

The SOC files: Rumble in the jungle or APT41’s new target in Africa

Introduction Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware. One of the C2s was a captive SharePoint serve...

7.1AI score
Exploits0
Securelist
Securelist
added 2025/04/21 8:0 a.m.21 views

Phishing attacks leveraging HTML code inside SVG files

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML...

6.9AI score
Exploits0
Securelist
Securelist
added 2025/04/04 10:0 a.m.21 views

A journey into forgotten Null Session and MS-RPC interfaces, part 2

In the first part of our research, I demonstrated how we revived the concept of no authentication null session after many years. This involved enumerating domain information, such as users, without authentication. I walked you through the entire process, starting with the difference between no-au...

7.6AI score
Exploits0
Securelist
Securelist
added 2024/06/24 10:0 a.m.21 views

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident social engineering Part 3: XZ backdoor. Hook analysis In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned...

8.6AI score
Exploits0
Securelist
Securelist
added 2022/11/23 8:0 a.m.21 views

Black Friday shoppers beware: online threats so far in 2022

The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more...

6.8AI score
Exploits0
Securelist
Securelist
added 2022/11/22 8:0 a.m.21 views

Crimeware and financial cyberthreats in 2023

A look back on the year 2022 and what to expect in 2023 Every year, as part of the Kaspersky Security Bulletin, we predict which major trends will be followed in the coming year by attackers, who target financial organizations. The predictions, based on our extensive experience, help individuals...

0.7AI score
Exploits0
Securelist
Securelist
added 2022/05/16 8:0 a.m.21 views

HTML attachments in phishing e-mails

The use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with the need to put links in the e-mail body, which antispam engines and e-mail antiviruses usually detect with ease. HTML offers more possibilities than e-mail for camouflagin...

7AI score
Exploits0
Securelist
Securelist
added 2022/04/25 10:0 a.m.21 views

DDoS attacks in Q1 2022

News overview The DDoS landscape in Q1 2022 was shaped by the ongoing conflict between Russia and Ukraine: a significant part of all DDoS-related news concerned these countries. In mid-January, the website of Kyiv Mayor Vitali Klitschko was hit by a DDoS attack, and the websites of a number of...

0.3AI score
Exploits0
Securelist
Securelist
added 2021/12/09 10:0 a.m.21 views

The life cycle of phishing pages

Introduction In this study, we analyzed how long phishing pages survive as well as the signs they show when they become inactive. In addition to the general data, we provided a number of options for classifying phishing pages according to formal criteria and analyzed the results for each of them...

6.7AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.21 views

The dangers of “connected” healthcare: predictions for 2022

For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in...

6.6AI score
Exploits0
Securelist
Securelist
added 2021/11/23 10:0 a.m.21 views

Privacy predictions 2022

We no longer rely on the Internet just for entertainment or chatting with friends. Global connectivity underpins the most basic functions of our society, such as logistics, government services and banking. Consumers connect to businesses via instant messengers and order food delivery instead of...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/12/21 10:0 a.m.21 views

Nhash: petty pranks with big finances

According to our data, cryptocurrency miners are rapidly gaining in popularity. In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users' computers. This time, we'd like to dwell more on how exactly the computers of...

6.6AI score
Exploits0
Securelist
Securelist
added 2026/07/02 9:0 a.m.20 views

Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...

6.6AI score
Exploits0
Securelist
Securelist
added 2026/06/22 10:0 a.m.20 views

A VBScript campaign distributed through WhatsApp deploying RMM software

In June 2026, we observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, wi...

6.1AI score
Exploits0
Securelist
Securelist
added 2026/05/07 10:0 a.m.20 views

Exploits and vulnerabilities in Q1 2026

During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and...

10CVSS7.9AI score0.99979EPSS
Exploits223
Securelist
Securelist
added 2025/04/25 10:0 a.m.20 views

Triada strikes back

Introduction Older versions of Android contained various vulnerabilities that allowed gaining root access to the device. Many malicious programs exploited these to elevate their system privileges and gain persistence. The notorious Triada Trojan also used this attack vector. With time, the...

8.2AI score
Exploits0
Securelist
Securelist
added 2024/12/17 8:21 a.m.20 views

Download a banker to track your parcel

In late October 2024, a new scheme for distributing a certain Android banking Trojan called "Mamont" was uncovered. The victim would receive an instant message from an unknown sender asking to identify a person in a photo. The attackers would then send what appeared to be the photo itself but was...

7.3AI score
Exploits0
Securelist
Securelist
added 2024/11/06 10:0 a.m.20 views

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Introduction In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular...

7.8CVSS7.7AI score0.00605EPSS
Exploits2
Securelist
Securelist
added 2024/01/17 10:0 a.m.20 views

Dark web threats and dark market predictions for 2024

An overview of last years predictions 1. Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may includ...

7.2AI score
Exploits0
Securelist
Securelist
added 2021/12/22 10:0 a.m.20 views

Choosing Christmas gifts for kids: Squid Game and Huggy Wuggy are trending

As the holidays approach, many of us are trying to figure out what to buy our family and friends. We especially want to make this time of year festive for kids. If you want to delight children, you need to know what theyre interested in: what LEGO set theyre dreaming about, what superheroes theyd...

6.5AI score
Exploits0
Securelist
Securelist
added 2021/10/12 4:0 p.m.20 views

SAS 2021: Learning to ChaCha with APT41

Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth PwC will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 Red Apollo, the presentation will dance you through the malware used by APT41 – the Motnug loader an...

0.7AI score
Exploits0
Securelist
Securelist
added 2017/11/28 10:0 a.m.20 views

Kaspersky Security Bulletin: Story of the year 2017

Download the Kaspersky Security Bulletin: Story of the year 2017 Introduction: what we learned in 2017 In 2017, the ransomware threat suddenly and spectacularly evolved. Three unprecedented outbreaks transformed the landscape for ransomware, probably forever. The attacks targeted businesses and...

6.9AI score
Exploits0
Securelist
Securelist
added 2017/06/27 6:57 p.m.20 views

Schroedinger’s Pet(ya)

UPDATE June 28th, 2017: After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. It appears this malware campaign was designed as a wiper pretending to be ransomware...

7.4AI score
Exploits0
Securelist
Securelist
added 2026/03/18 11:0 a.m.19 views

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Introduction In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down a few months ago. It involves a threat known as Horabot , a bundle consisting of an infamous banking Trojan, an email spreader, and a notably complex...

6AI score
Exploits0
Securelist
Securelist
added 2025/06/05 10:0 a.m.19 views

IT threat evolution in Q1 2025. Mobile statistics

IT threat evolution in Q1 2025. Mobile statistics IT threat evolution in Q1 2025. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in the first quarter of 2025: A total of 12 million attacks on mobile devices involving malware, adware, or unwanted apps were blocked...

7.6AI score
Exploits0
Securelist
Securelist
added 2025/03/06 10:0 a.m.19 views

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Introduction Among the most significant events in the AI world in early 2025 was the release of DeepSeek-R1 – a powerful reasoning large language model LLM with open weights. It's available both for local use and as a free service. Since DeepSeek was the first service to offer access to a reasoni...

7.2AI score
Exploits0
Securelist
Securelist
added 2024/08/15 12:0 p.m.19 views

Tusk: unraveling a complex infostealer campaign

Summary Kaspersky Global Emergency Response Team GERT has identified a complex campaign, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals. The sub-campaigns imitate legitimate projects, slightly modifying names and branding and using multiple social media...

7.4AI score
Exploits0
Securelist
Securelist
added 2024/07/09 1:0 p.m.19 views

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for...

6.6AI score
Exploits0
Total number of security vulnerabilities1025