Malware Descriptions – WindowsTechs.com

Arcane stealer: We want all your data

Posted on March 19, 2025 by AMR

The new Arcane stealer spreads via YouTube and Discord, collecting data from many applications, including VPN and gaming clients, network utilities, messaging apps, and browsers. Continue reading Arcane stealer: We want all your data→

SideWinder targets the maritime and nuclear sectors with an updated toolset

Posted on March 10, 2025 by Giampaolo Dedola, Vasily Berdnikov

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. Continue reading SideWinder targets the maritime and nuclear sectors with an updated toolset→

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Posted on March 6, 2025 by

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites. Continue reading Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity→

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

Posted on March 5, 2025 by Leonid Bezvershenko, dmitrypikush, Oleg Kupreev

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool. Continue reading Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool→

Mobile malware evolution in 2024

Posted on March 3, 2025 by Anton Kivva

The most notable mobile threats of 2024, and statistics on Android-specific malware, adware and potentially unwanted software. Continue reading Mobile malware evolution in 2024→

The SOC files: Chasing the web shell

Posted on February 28, 2025 by Domenico Caldarella

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved. Continue reading The SOC files: Chasing the web shell→

The GitVenom campaign: cryptocurrency theft using GitHub

Posted on February 24, 2025 by Georgy Kucherin, Joao Godinho

Kaspersky researchers discovered GitVenom campaign distributing stealers and open-source backdoors via fake GitHub projects. Continue reading The GitVenom campaign: cryptocurrency theft using GitHub→

Angry Likho: Old beasts in a new forest

Posted on February 21, 2025 by Kaspersky

Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft. Continue reading Angry Likho: Old beasts in a new forest→

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

Posted on February 18, 2025 by Tatyana Shishkova, Kirill Korchemny

StaryDobry campaign targets gamers with XMRig miner Continue reading StaryDobry ruins New Year’s Eve, delivering miner instead of presents→

Take my money: OCR crypto stealers in Google Play and App Store

Posted on February 5, 2025 by Dmitry Kalinin, Sergey Puzan

Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model. Continue reading Take my money: OCR crypto stealers in Google Play and App Store→