Malware Descriptions – Page 4

ShrinkLocker: Turning BitLocker into ransomware

Posted on May 23, 2024 by Cristian Souza, Eduardo Ovalle, Ashley Muñoz, Christopher Zachor

The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. Continue reading ShrinkLocker: Turning BitLocker into ransomware→

Stealers, stealers and more stealers

Posted on May 22, 2024 by GReAT

In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules. Continue reading Stealers, stealers and more stealers→

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Posted on April 18, 2024 by GReAT

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware→

SoumniBot: the new Android banker’s unique techniques

Posted on April 17, 2024 by Dmitry Kalinin

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection. Continue reading SoumniBot: the new Android banker’s unique techniques→

Using the LockBit builder to generate targeted ransomware

Posted on April 15, 2024 by Eduardo Ovalle, Francesco Figurelli, Cristian Souza, Ashley Muñoz

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. Continue reading Using the LockBit builder to generate targeted ransomware→

XZ backdoor story – Initial analysis

Posted on April 12, 2024 by GReAT

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. Continue reading XZ backdoor story – Initial analysis→

DinodasRAT Linux implant targeting entities worldwide

Posted on March 28, 2024 by Anderson Leite, Lisandro Ubiedo

In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022. Continue reading DinodasRAT Linux implant targeting entities worldwide→

What’s in your notepad? Infected text editors target Chinese users

Posted on March 13, 2024 by Sergey Puzan

Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine. Continue reading What’s in your notepad? Infected text editors target Chinese users→

The mobile malware threat landscape in 2023

Posted on February 26, 2024 by Anton Kivva

This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others. Continue reading The mobile malware threat landscape in 2023→

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

Posted on February 8, 2024 by GReAT

We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil. Continue reading Coyote: A multi-stage banking Trojan abusing the Squirrel installer→