Lucene search
K
SecurelistRecent

1025 matches found

Securelist
Securelist
added 2020/04/08 10:0 a.m.23350 views

Spam and phishing in 2019

Figures of the year The share of spam in mail traffic was 56.51%, which is 4.03 p.p. more than in 2018. The biggest source of spam this year was China 21.26%. 44% of spam e-mails were less than 2 KB in size. Malicious spam was detected most commonly with the Exploit.MSOffice.CVE-2017-11882 verdic...

9.3CVSS0.99945EPSS
Exploits33
Securelist
Securelist
added 2020/04/07 9:0 a.m.76 views

Unkillable xHelper and a Trojan matryoshka

It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever. The main feature of xHelper is entrenchment — once it gets into the phone, it somehow remains there even after the user delet...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/04/06 7:0 a.m.63 views

YARA webinar follow up

If you read my previous blogpost Hunting APTs with YARA then you probably know about the webinar we conducted on March 31, 2020, showcasing some of our experience in developing and using YARA rules for malware hunting. In case you missed the webinar - or if you attended and want to re-watch it -...

9.3CVSS8.6AI score0.69709EPSS
Exploits1
Securelist
Securelist
added 2020/04/02 10:0 a.m.72 views

Loncom packer: from backdoors to Cobalt Strike

The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/03/31 10:0 a.m.54 views

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor's...

7.5AI score
Exploits0
Securelist
Securelist
added 2020/03/26 5:32 p.m.67 views

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two...

6.8AI score
Exploits0
Securelist
Securelist
added 2020/03/24 10:0 a.m.42 views

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine KTAE doesn't...

7.3AI score
Exploits0
Securelist
Securelist
added 2020/03/18 4:16 p.m.58 views

Hunting APTs with YARA

For the past few years, we have been spreading our knowledge and experience of using YARA, often called a pattern matching swiss knife for malware researchers and everyone else. Most of the time, this took the form of the Kaspersky training course titled, "Hunting APTs with YARA Like a GReAT...

9.3CVSS8.8AI score0.69709EPSS
Exploits1
Securelist
Securelist
added 2020/03/16 10:0 a.m.74 views

MonitorMinor: vicious stalkerware?

Updated March 17th, 2020 The other day, our Android traps ensnared an interesting specimen of commercial software that is positioned as a parental control app, but may also be used to secretly monitor family members or colleagues – or, in other words, for stalking. Such apps are often called...

6.9AI score
Exploits0
Securelist
Securelist
added 2020/03/12 10:0 a.m.83 views

Cookiethief: a cookie-stealing Trojan for Android

We recently discovered a new strain of Android malware. The Trojan detected as: Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals' server...

0.4AI score
Exploits0
Securelist
Securelist
added 2020/03/05 10:0 a.m.73 views

Mokes and Buerak distributed under the guise of security certificates

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to...

0.1AI score
Exploits0
Securelist
Securelist
added 2020/02/27 2:0 p.m.29 views

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group's attack methods have improved and new targets continuously added in order to steal more funds. The attackers' focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis...

0.5AI score
Exploits0
Securelist
Securelist
added 2020/02/25 10:0 a.m.151 views

Mobile malware evolution 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Figures of the year In 2019, Kaspersky mobile products and technologies detected: 3,503,952 malicious installation packages. 69,777 new mobile banking Trojans...

7.2CVSS0.2AI score0.83524EPSS
Exploits82
Securelist
Securelist
added 2020/02/20 11:3 a.m.55 views

Cybersecurity Research During the Coronavirus Outbreak and After

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/02/18 10:0 a.m.61 views

AZORult spreads as a fake ProtonVPN installer

AZORult has its history. However, a few days ago, we discovered what appears to be one of its most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows. Screenshot of a fake ProtonVPN website The campaign started at the end of November 20...

1.3AI score
Exploits0
Securelist
Securelist
added 2020/02/13 10:15 a.m.63 views

DDoS attacks in Q4 2019

News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service ARMS, part of the Apple Remote Desktop ARD...

7AI score
Exploits0
Securelist
Securelist
added 2020/02/10 2:0 p.m.63 views

KBOT: sometimes they come back

Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code...

7.4AI score
Exploits0
Securelist
Securelist
added 2020/02/07 10:1 a.m.52 views

Happy New Fear! Gift-wrapped spam and phishing

Pre-holiday spam Easy money In the run-up to Christmas and New Year, scam е-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line. For...

0.2AI score
Exploits0
Securelist
Securelist
added 2020/01/23 10:0 a.m.45 views

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell int...

7AI score
Exploits0
Securelist
Securelist
added 2020/01/09 10:0 a.m.57 views

Smartphone shopaholic

Have you ever noticed strange reviews of Google Play apps that look totally out of place? Their creators might give it five stars, while dozens of users rate it with just one, and in some cases the reviews seem to be talking about some other program entirely. If so, you may be unknowingly...

0.2AI score
Exploits0
Securelist
Securelist
added 2020/01/08 10:0 a.m.87 views

Operation AppleJeus Sequel

The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in ord...

8.2AI score
Exploits0
Securelist
Securelist
added 2019/12/20 12:0 p.m.82 views

How we developed our simple Harbour decompiler

https://github.com/KasperskyLab/hbdec Every once in a while we get a request that leaves us scratching our heads. With these types of requests, existing tools are usually not enough and we have to create our own custom tooling to solve the "problem". One such request dropped onto our desk at the...

7.4AI score
Exploits0
Securelist
Securelist
added 2019/12/17 12:0 p.m.44 views

OilRig’s Poison Frog – old samples, same trick

After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Poison Frog We're not quite sure whether...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/12/12 12:0 p.m.75 views

Kaspersky Security Bulletin 2019. Statistics

All the statistics used in this report were obtained using Kaspersky Security Network KSN, a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky product users from 203...

2.1AI score
Exploits0
Securelist
Securelist
added 2019/12/11 10:0 a.m.49 views

Story of the year 2019: Cities under ransomware siege

Ransomware has been targeting the private sector for years now. Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three year...

7.4AI score
Exploits0
Securelist
Securelist
added 2019/12/10 8:0 p.m.102 views

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit...

7.2CVSS1.1AI score0.73856EPSS
Exploits14
Securelist
Securelist
added 2019/12/04 10:0 a.m.1491 views

APT review: what the world’s threat actors got up to in 2019

What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it´s impossible to fully understand the motivation for some attacks or the development...

7.2CVSS9AI score0.99993EPSS
Exploits45
Securelist
Securelist
added 2019/12/03 10:0 a.m.88 views

Corporate security prediction 2020

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Cyberthreats to financial institutions 2020: Overview and predictions Moving to the cloud The popularity of cloud services is...

0.9AI score
Exploits0
Securelist
Securelist
added 2019/12/03 10:0 a.m.36 views

Cybersecurity of connected healthcare 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 5G technology predictions 2020 Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions More than two years after the infamous Wannacry ransomware crippled medical facilities and...

0.8AI score
Exploits0
Securelist
Securelist
added 2019/12/03 10:0 a.m.58 views

Cyberthreats to financial institutions 2020: Overview and predictions

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovere...

7.3AI score
Exploits0
Securelist
Securelist
added 2019/12/03 10:0 a.m.36 views

5G technology predictions 2020

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions It is estimated that data will reach 175 zettabytes...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/12/02 3:0 p.m.140 views

Biometric data processing and storage system threats

Initially, digital biometric data processing systems were used primarily by government agencies and special services police, customs, etc.. However, the rapid evolution of information technology has made biometric systems accessible for 'civil' use. They are increasingly becoming part of our...

0.6AI score
Exploits0
Securelist
Securelist
added 2019/11/29 10:0 a.m.759 views

IT threat evolution Q3 2019. Statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network: Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across t...

10CVSS0.4AI score0.99999EPSS
Exploits210
Securelist
Securelist
added 2019/11/29 10:0 a.m.969 views

IT threat evolution Q3 2019

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed 'Operation ViceLeaker' involving the spread of malicious Android samples via instant messaging. The campaign affected several...

9.3CVSS9.3AI score0.99964EPSS
Exploits78
Securelist
Securelist
added 2019/11/28 10:0 a.m.910 views

RevengeHotels: cybercrime targeting hotel front desks worldwide

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group, located in eight states in Brazil, but also in other countries...

9.3CVSS0.4AI score0.99933EPSS
Exploits29
Securelist
Securelist
added 2019/11/26 10:0 a.m.170 views

Spam and phishing in Q3 2019

Quarterly highlights Amazon Prime In Q3, we registered numerous scam mailings related to Amazon Prime. Most of the phishing emails with a link to a fake Amazon login page offered new prices or rewards for buying things, or reported problems with membership, etc. Against the backdrop of September'...

9.3CVSS8.5AI score0.99945EPSS
Exploits33
Securelist
Securelist
added 2019/11/25 10:46 a.m.47 views

Unwanted notifications in browser

When, back in 2015, push notifications were just appearing in browsers, very few people wondered how this tool would be used in the future: once a useful technology made to keep regular readers informed about updates, today it is often used to shell website visitors with unsolicited ads. To achie...

0.4AI score
Exploits0
Securelist
Securelist
added 2019/11/22 10:0 a.m.40 views

5G security and privacy for smart cities

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serv...

0.2AI score
Exploits0
Securelist
Securelist
added 2019/11/22 9:4 a.m.37 views

Black Friday Alert 2019: Net Shopping Bag of Threats

Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a...

7.3AI score
Exploits0
Securelist
Securelist
added 2019/11/21 10:0 a.m.47 views

The cybercrime ecosystem: attacking blogs

Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat...

8.4AI score
Exploits0
Securelist
Securelist
added 2019/11/20 10:0 a.m.67 views

Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020

Nothing is more difficult than making predictions. Rather than trying to gaze into a crystal ball, we will be making educated guesses based on what has happened during the last 12 months, to see where we can see trends that might be exploited in the near future. This is what we think might happen...

6.5AI score
Exploits0
Securelist
Securelist
added 2019/11/11 10:0 a.m.140 views

DDoS attacks in Q3 2019

News overview This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently...

Exploits0
Securelist
Securelist
added 2019/11/08 10:0 a.m.83 views

Titanium: the Platinum group strikes again

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium named after a password to one of the self-executable archives. Titanium is the final result of a...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/11/05 10:0 a.m.59 views

DarkUniverse – the mysterious APT framework #27

In April 2017, ShadowBrokers published their well-known 'Lost in Translation' leak, which, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call...

7.1AI score
Exploits0
Securelist
Securelist
added 2019/11/01 4:0 p.m.204 views

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Executive summary Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google's Chrome browser. We promptly reported this to the Google Chrome security team...

6.8CVSS8.5AI score0.72977EPSS
Exploits4
Securelist
Securelist
added 2019/11/01 10:0 a.m.86 views

The cake is a lie! Uncovering the secret world of malware-like cheats in video games

In 2018, the video game industry became one of the most lucrative in the world, generating $43.4 billion in revenue within the United States alone. When we consider that video game licenses are only a fraction of the total market, it becomes clear just how important the industry is compared to th...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/10/28 10:0 a.m.79 views

Steam-powered scammers

Digital game distribution services have not only simplified the sale of games themselves, but provided developers with additional monetization levers. For example, in-game items, such as skins, equipment, and other character-enhancing elements as well as those that help one show up, can be sold f...

7.6AI score
Exploits0
Securelist
Securelist
added 2019/10/23 10:0 a.m.70 views

Data collectors

Who owns data owns the world. And with the Internet taking over much of our daily lives, it has become far easier and faster to receive, collect, and analyze data. The average user cannot even imagine how much data gets collected on them. Besides technical information for example, about a...

0.5AI score
Exploits0
Securelist
Securelist
added 2019/10/16 10:0 a.m.245 views

APT trends report Q3 2019

For more than two years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

5CVSS8AI score0.99993EPSS
Exploits45
Securelist
Securelist
added 2019/10/15 10:0 a.m.113 views

IoT: a malware story

Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot...

0.1AI score
Exploits0
Total number of security vulnerabilities1025