Category: Securelist

IT threat evolution Q2 2020. Mobile statistics

According to Kaspersky Security Network, during the second quarter 1,245,894 malicious installers were detected and a total of 14,204,345 attacks on mobile devices were blocked.

IT threat evolution Q2 2020

Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020.

Operation PowerFall: CVE-2020-0986 and variants

While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let’s…

Transparent Tribe: Evolution analysis, part 2

In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence that confirms a link between ObliqueRAT and Transparent Tribe.

Lifting the veil on DeathStalker, a mercenary triumvirate

DeathStalker is a unique threat group that appears to target law firms and companies in the financial sector. They don’t deploy ransomware or steal payment information to resell…

Transparent Tribe: Evolution analysis, part 1

Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013.

CactusPete APT group’s updated Bisonal backdoor

A new CactusPete campaign shows that the group’s favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military…

DDoS attacks in Q2 2020

The second quarter is normally calmer than the first, but this year is an exception. The long-term downward trend in DDoS attacks has unfortunately been interrupted, and this time we are witnessing…

Spam and phishing in Q2 2020

In Q2 2020, the largest share of spam (51.45 percent) was recorded in April. The average percentage of spam in global email traffic was 50.18%, down by 4.43 percentage points…

Incident Response Analyst Report 2019

As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries’ cyber-incident tactics and techniques in the wild. In this report, we share…

WastedLocker: technical analysis

According to currently available information, in the attack on Garmin a targeted build of the Trojan WastedLocker was used. We have performed technical analysis of the Trojan sample.

APT trends report Q2 2020

This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020.

Lazarus on the hunt for big game

By investigating a number of targeted ransomware attacks and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how…

MATA: Multi-platform targeted malware framework

The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems.

GReAT thoughts: Awesome IDA Pro plugins

In the second ‘GReAT Ideas. Powered by SAS’ webinar, I’ll be talking about awesome IDA Pro plugins that I regularly use. This article is a sneak peek into what I’ll…

The Streaming Wars: A Cybercriminal’s Perspective

Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam…

GReAT Ideas follow-up

The two hours of our first “GReAT Ideas. Powered by SAS” session were not enough to answer all of the questions raised, so we try to answer them below.

The Tetrade: Brazilian banking malware goes global

This article is a deep dive intended for a complete understanding of these four banking trojan families: Guildma, Javali, Melcoz and Grandoreiro, as they expand abroad, targeting users not…

Redirect auction

We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as…

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources.

Magnitude exploit kit – evolution

Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits…

Oh, what a boot-iful mornin’

In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with…

Web skimming with Google Analytics

Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics.

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. We attribute this campaign with high confidence…

Do cybercriminals play cyber games during quarantine?

Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes…

Explicit content and cyberthreats: 2019 report

Over the past two years we have reviewed how adult content has been used to spread malware and abuse users’ privacy. This is a trend that’s unlikely to go away,…

Looking at Big Threats Using Code Similarity. Part 1

Today, we are announcing the release of KTAE, the Kaspersky Threat Attribution Engine. This code attribution technology, developed initially for internal use by the Kaspersky Global Research…

Kids on the Web in 2020

The world is witnessing an unprecedented demonstration of digital technology primarily helping children develop, rather than impede their development.

Cycldek: Bridging the (air) gap

While investigating attacks related to a group named Cycldek post 2018, we were able to uncover various pieces of information on its activities that were not known thus far.

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack that exploited a chain of Google Chrome and Microsoft Windows zero-days. In this blog post we’d like to take a…

Spam and phishing in Q1 2020

Glancing at the results of Q1 2020, we anticipate that the COVID-19 topic will continue to be actively used by cybercriminals for the foreseeable future. To attract potential victims, the…

Aggressive in-app advertising in Android

We will look into a few examples of suspicious-looking ad modules that we discovered in popular apps earlier this year.

IT threat evolution Q1 2020

Operation AppleJeus, news about Roaming Mantis, watering-hole websites in Asia, virus blast from the past and other targeted attacks and malware campaigns.

IT threat evolution Q1 2020. Statistics

Kaspersky solutions blocked 726,536,269 attacks launched from online resources across the globe, and a total of 442,039,230 unique URLs were recognized as malicious.

Verizon’s 2020 DBIR

Verizon’s 2020 DBIR is out; you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique…

Cyberthreats on lockdown

The pandemic has affected us all in some way, so it would be surprising if cybercriminals were an exception. Spammers and phishers were naturally the trailblazers in this, but the entire cybercrime landscape…

Naikon’s Aria

Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018.

DDoS attacks in Q1 2020

Since the beginning of 2020, due to the COVID-19 pandemic, life has shifted almost entirely to the Web. This is reflected in the goals of recent DDoS attacks, with the most…

APT trends report Q1 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing…

Remote spring: the rise of RDP bruteforce attacks

With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape.

Hiding in plain sight: PhantomLance walks into a market

In July 2019, a sophisticated backdoor trojan in Google Play was reported. We conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”,…

A look at the ATM/PoS malware landscape from 2017-2019

Much like in other areas of cybercrime, attackers only refine and grow their skillset for infecting ATM systems from year to year. So what does the ATM landscape look like…

SAS, sweet SAS

As you may already know, we have rescheduled the SAS 2020 conference for November 18-21. However, we cannot just leave it all until November, which is why we invite you to SAS at Home,…

Financial Cyberthreats in 2019

Methodology: Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats…

Spam and phishing in 2019

In the search for new ways to bypass spam filters, attackers are developing new methods of delivering their messages. This year, they made active use of various Google services, as well as popular social networks and video hosting sites.

Unkillable xHelper and a Trojan matryoshka

It was the middle of last year that we detected the start of mass attacks by the xHelper Trojan on Android smartphones, but even now the malware remains as active as ever.

YARA webinar follow up

If you read my previous blogpost, “Hunting APTs with YARA”, then you probably know about the webinar we did on March 31, 2020. After it we received a number of interesting questions and, as I promised, I will try to…

Loncom packer: from backdoors to Cobalt Strike

After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom.

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings.

Hunting APTs with YARA

If you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, we can help a bit with a preview of the secret ingredients.

MonitorMinor: vicious stalkerware?

The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.

Cookiethief: a cookie-stealing Trojan for Android

We recently discovered a new strain of Android malware. Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the…

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets are continuously added in order to steal more funds.

Mobile malware evolution 2019

In 2019, Kaspersky mobile products and technologies detected 3,503,952 malicious installation packages, 69,777 new mobile banking Trojans and 68,362 new mobile ransomware Trojans.

AZORult spreads as a fake ProtonVPN installer

We discovered what appears to be one of AZORult’s most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows.

DDoS attacks in Q4 2019

It is striking that in the last quarter of the year the number of attacks and of command servers was much lower, while the number of very long attacks (over 400 hours) exceeded historical levels.

KBOT: sometimes they come back

We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT.

Happy New Fear! Gift-wrapped spam and phishing

Shortly before Christmas and New Year, scammers send themed spam and offer fake sales, promotions, and payouts.

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once.

Smartphone shopaholic

Cybercriminals use Trojan-Dropper.AndroidOS.Shopper.a to boost certain apps’ ratings and increase the number of installations and registrations. All this can be used, among other things, to dupe advertisers.

Operation AppleJeus Sequel

To attack macOS users, the Lazarus group has developed homemade macOS malware and added an authentication mechanism to deliver the next-stage payload very carefully, as well as loading the next-stage payload without touching the disk.