Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats. This article has been indexed from Securelist. Read the original article: DCRat backdoor returns
Category: Securelist
SideWinder targets the maritime and nuclear sectors with an updated toolset
In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity
Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.
Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool.
Mobile malware evolution in 2024
The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software.
The SOC files: Chasing the web shell
Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved.
Exploits and vulnerabilities in Q4 2024
This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024.
The GitVenom campaign: cryptocurrency theft using GitHub
Kaspersky researchers discovered the GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects.
Angry Likho: Old beasts in a new forest
Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft.
Managed detection and response in 2024
The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky’s SOC team in 2024.
Spam and phishing in 2024
We analyze 2024’s key spam and phishing statistics and trends: the hunt for crypto wallets, Hamster Kombat, online promotions via neural networks, fake vacation schedules, and more.
StaryDobry ruins New Year’s Eve, delivering miner instead of presents
The StaryDobry campaign targets gamers with the XMRig miner.
Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024
Compensations for scam victims, and millionaires losing their family to COVID-19: read on to learn about the types of “Nigerian” spam one could come across in 2024.
Take my money: OCR crypto stealers in Google Play and App Store
Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.
One policy to rule them all
How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.
No need to RSVP: a closer look at the Tria stealer campaign
Kaspersky GReAT experts discovered a new campaign targeting Android devices in Malaysia and Brunei with the Tria stealer to collect data from apps like WhatsApp and Gmail.
Threat predictions for industrial enterprises 2025
Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.
Mercedes-Benz Head Unit security research report
Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.
EAGERBEE, with updated and novel components, targets the Middle East
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.
Threat landscape for industrial automation systems in Q3 2024
The ICS CERT quarterly report covers the threat landscape for industrial automation systems in Q3 2024.
Cloud Atlas seen using a new tool in its attacks
We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims’ data with various PowerShell scripts.
BellaCPP: Discovering a new BellaCiao variant written in C++
While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.
Attackers exploiting a patched FortiClient EMS vulnerability in the wild
Kaspersky’s GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability that allowed SQL injections.
Lazarus group evolves its infection chain with old and new malware
Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.
Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels.
Download a banker to track your parcel
The Mamont banking trojan is spreading under the guise of a parcel-tracking app for fake stores claiming to offer goods at wholesale prices.
Dark web threats and dark market predictions for 2025
Kaspersky experts review dark market trends in 2024, such as the popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025.
Careto is back: what’s new after 10 years of silence?
Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.
Story of the Year: global IT outages and supply chain attacks
While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025.
Exploits and vulnerabilities in Q3 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q3 2024, such as regreSSHion.
Our secret ingredient for reverse engineering
Kaspersky researchers demonstrate the capabilities of the hrtng plugin for IDA Pro, share tips on working with IDA and reverse engineer FinSpy malware with these tools.
Kaspersky Security Bulletin 2024. Statistics
The “Kaspersky Security Bulletin 2024. Statistics” report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others.
Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT
Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT.
IT threat evolution Q3 2024
In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.
IT threat evolution in Q3 2024. Mobile statistics
The Q3 2024 mobile threat statistics encompass data on cyberattacks against Android devices involving malware, adware and potentially unwanted apps.
IT threat evolution in Q3 2024. Non-mobile statistics
The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats.
APT trends report Q3 2024
The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.
Consumer and privacy predictions for 2025
Kaspersky experts look back on their expectations about the 2024 privacy and consumer cyberthreats trends and try to predict what to expect in 2025.
Analysis of Elpaco: a Mimic variant
Kaspersky experts describe an Elpaco ransomware sample, a Mimic variant, which abuses the Everything search system for Windows and provides custom features via a GUI.
Advanced threat predictions for 2025
Kaspersky’s Global Research and Analysis Team monitors over 900 APT (Advanced Persistent Threat) groups and operations. In this piece of KSB series, we review the advanced threat trends from the past year and offer insights into what we can expect…
Scammer Black Friday offers: Online shopping threats and dark web sales
Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.
Crimeware and financial cyberthreats in 2025
Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025.
Threats in space (or rather, on Earth): internet-exposed GNSS receivers
Internet-exposed GNSS receivers pose a significant threat to sensitive operations. Kaspersky shares statistics on internet-exposed receivers for July 2024 and advice on how to protect against GNSS attacks.
Ymir: new stealthy ransomware in the wild
Kaspersky GERT experts have discovered new ransomware in Colombia, Ymir, which uses RustyStealer for initial access and the qTox client for communication with its victims.
QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
Kaspersky shares details on the QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.
New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.
Loose-lipped neural networks and lazy scammers
Scammers use large language models (LLMs) to create phishing pages and leave artifacts in texts and tags, like the phrase “As an AI language model…”.
Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses
Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.
Lumma/Amadey: fake CAPTCHAs want to know if you’re human
Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.
The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain.
Grandoreiro, the global trojan with grandiose goals
In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.
Grandoreiro, the global trojan with grandiose ambitions
In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions.
Stealer here, stealer there, stealers everywhere!
Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, a recent AMOS version and Vidar delivering the ACR stealer.
Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc.
SAS CTF and the many ways to persist a kernel shellcode on Windows 7
In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7.
Beyond the Surface: the evolution and expansion of the SideWinder APT group
Kaspersky analyzes SideWinder APT’s recent activity: new targets in the Middle East and Africa, post-exploitation tools and techniques.
Whispers from the Dark Web Cave. Cyberthreats in the Middle East
The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on.
Awaken Likho is awake: new techniques of an APT group
Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations.
Scam Information and Event Management
Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing the Wazuh SIEM agent on victims’ devices for persistence.
Finding a needle in a haystack: Machine learning at the forefront of threat hunting research
How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data.
Key Group: another ransomware group using leaked builders
Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.
Threat landscape for industrial automation systems, Q2 2024
In this report, we share statistics on threats to industrial control systems in Q2 2024, including statistics by region, industry, malware and other threat types.
From 12 to 21: how we discovered connections between the Twelve and BlackJack groups
An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.
Web tracking report: who monitored users’ online activities in 2023–2024 the most
Kaspersky experts review Do Not Track (DNT) statistics for the most widely used web tracking services in 2023 and 2024 operated by companies like Google, Microsoft, etc.
How the Necro Trojan infiltrated Google Play, again
Kaspersky experts have discovered a new version of the Necro Trojan, which has attacked tens of thousands of Android devices through Google Play and Spotify and WhatsApp mods.
-=TWELVE=- is back
Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.
Exotic SambaSpy is now dancing with Italian users
Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy.
Loki: a new private agent for the popular Mythic framework
Kaspersky experts have discovered a new version of the Loki agent for the open-source Mythic framework, which uses DLLs to attack Russian companies.
Tropic Trooper spies on government entities in the Middle East
Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East.
Mallox ransomware: in-depth analysis and evolution
In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.
A deep dive into the most interesting incident response cases of last year
Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more.
IT threat evolution Q2 2024
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used an XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
IT threat evolution in Q2 2024. Mobile statistics
The report gives statistics on mobile malware and unwanted software for Q2 2024, including mobile banking Trojans and ransomware.
IT threat evolution in Q2 2024. Non-mobile statistics
This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.
Head Mare: adventures of a unicorn in Russia and Belarus
Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of a WinRAR vulnerability, custom tools PhantomDL and PhantomCore.
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
Memory corruption vulnerabilities in Suricata and FreeRDP
While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer.
Exploits and vulnerabilities in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024.
Approach to mainframe penetration testing on z/OS
We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.
BlindEagle flying high in Latin America
Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.
Tusk: unraveling a complex infostealer campaign
Kaspersky researchers discovered the Tusk campaign, with ongoing activity, which uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia
Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.
APT trends report Q2 2024
The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in the Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.
Indirect prompt injection in the real world: how people manipulate neural networks
We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection.
LianSpy: new Android spyware targeting Russian users
Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging the Yandex Disk cloud service as C2.
How “professional” ransomware variants boost cybercrime groups
Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources.
Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play.
When spear phishing met mass phishing
Kaspersky experts have discovered a new scheme that combines elements of spear and mass phishing.
Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK
How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.
CloudSorcerer – A new APT targeting Russian government entities
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
Cybersecurity in the SMB space — a growing threat
Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.
XZ backdoor: Hook analysis
In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved an RSA-related function hook.
Analysis of user password strength
Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.
Cinterion EHS5 3G UMTS/HSPA Module Research
We performed the security analysis of a Telit Cinterion modem in the course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities.
QR code SQL injection and other vulnerabilities in a popular biometric terminal
The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it.
Bypassing 2FA with phishing and OTP bots
Explaining how scammers use phishing and OTP bots to gain access to accounts protected with 2FA.
IT threat evolution in Q1 2024. Non-mobile statistics
In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics.
IT threat evolution Q1 2024
In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and the DinodasRAT Linux implant.