Holy water: ongoing targeted water-holing…
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings.
Category: Securelist
iOS exploit chain deploys LightSpy feature-rich malware
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content…
WildPressure targets industrial-related entities in the Middle East
Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector.
Hunting APTs with YARA
If you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, we can help a bit with a preview of the secret ingredients.
MonitorMinor: vicious stalkerware?
The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.
MonitorMinor: vicious stalkerware
The other day, our Android traps ensnared an interesting specimen of stalkerware. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.
Cookiethief: a cookie-stealing Trojan for Android
We recently discovered a new strain of Android malware. Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the…
Mokes and Buerak distributed under the guise of security certificates
We recently discovered a new approach to a well-known malware distribution technique: visitors to infected sites were informed that some kind of security certificate had expired.
Roaming Mantis, part V
Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved, and new targets are continuously added in order to steal more funds.
Mobile malware evolution 2019
In 2019, Kaspersky mobile products and technologies detected 3,503,952 malicious installation packages, 69,777 new mobile banking Trojans and 68,362 new mobile ransomware Trojans.
Cybersecurity Research During the Coronavirus Outbreak and After
It is about two and a half years since we first open-sourced a tool for remote digital forensics called Bitscout. Today, I am happy to announce that we are releasing a new version of Bitscout, based on the upcoming release of…
AZORult spreads as a fake ProtonVPN installer
We discovered what appears to be one of AZORult’s most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows.
DDoS attacks in Q4 2019
It is striking that in the last quarter of the year the number of attacks and of command servers was much lower, while the number of very long attacks (over 400 hours) exceeds historical levels.
KBOT: sometimes they come back
We recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is the first “living” virus in recent years that we have spotted in the wild. We named it KBOT. …
Happy New Fear! Gift-wrapped spam and phishing
Shortly before Christmas and New Year scammers send themed spam, and offer fake sales, promotions, and payouts.
Shlayer Trojan attacks one in ten macOS users
For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once.
Smartphone shopaholic
Cybercriminals use Trojan-Dropper.AndroidOS.Shopper.a to boost certain apps’ ratings and increase the number of installations and registrations. All this can be used, among other things, to dupe advertisers.
Operation AppleJeus Sequel
To attack macOS users, the Lazarus group has developed homemade macOS malware, and added an authentication mechanism to deliver the next stage payload very carefully, as well as loading the next-stage payload without touching the disk.