Malware Descriptions – Page 2

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

Posted on December 14, 2023 by Kaspersky GERT, GReAT

We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities. Continue reading Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol→

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Posted on December 13, 2023 by GReAT

In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS. Continue reading FakeSG campaign, Akira ransomware and AMOS macOS stealer→

New macOS Trojan-Proxy piggybacking on cracked software

Posted on December 6, 2023 by Sergey Puzan

A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Continue reading New macOS Trojan-Proxy piggybacking on cracked software→

BlueNoroff: new Trojan attacking macOS users

Posted on December 5, 2023 by Sergey Puzan

BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system. Continue reading BlueNoroff: new Trojan attacking macOS users→

IT threat evolution Q3 2023

Posted on December 1, 2023 by David Emm

Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China. Continue reading IT threat evolution Q3 2023→

HrServ – Previously unknown web shell used in APT attack

Posted on November 22, 2023 by Mert Degirmenci

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021. Continue reading HrServ – Previously unknown web shell used in APT attack→

Ducktail fashion week

Posted on November 10, 2023 by AMR

The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers. Continue reading Ducktail fashion week→

WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users

Posted on November 2, 2023 by Dmitry Kalinin

A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023. Continue reading WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users→

A cascade of compromise: unveiling Lazarus’ new campaign

Posted on October 27, 2023 by Seongsu Park

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns Continue reading A cascade of compromise: unveiling Lazarus’ new campaign→

StripedFly: Perennially flying under the radar

Posted on October 26, 2023 by Sergey Belov, Vilen Kamalov, Sergey Lozhkin

Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing. Continue reading StripedFly: Perennially flying under the radar→