Malware Technologies – WindowsTechs.com

Ymir: new stealthy ransomware in the wild

Posted on November 11, 2024 by Cristian Souza, Ashley Muñoz, Eduardo Ovalle

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims. Continue reading Ymir: new stealthy ransomware in the wild→

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Posted on November 8, 2024 by Saurabh Sharma

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns. Continue reading QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns→

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Posted on October 29, 2024 by Vasily Kolesnikov

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. Continue reading Lumma/Amadey: fake CAPTCHAs want to know if you’re human→

Grandoreiro, the global trojan with grandiose ambitions

Posted on October 22, 2024 by GReAT

In this report, Kaspersky experts analyze recent Grandoreiro campaigns, new targets, tricks, and banking trojan versions. Continue reading Grandoreiro, the global trojan with grandiose ambitions→

Stealer here, stealer there, stealers everywhere!

Posted on October 21, 2024 by GReAT

Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer. Continue reading Stealer here, stealer there, stealers everywhere!→

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Posted on October 15, 2024 by Giampaolo Dedola, Vasily Berdnikov

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. Continue reading Beyond the Surface: the evolution and expansion of the SideWinder APT group→

Awaken Likho is awake: new techniques of an APT group

Posted on October 7, 2024 by Kaspersky

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. Continue reading Awaken Likho is awake: new techniques of an APT group→

Scam Information and Event Management

Posted on October 4, 2024 by Alexander Kryazhev, Denis Sitchikhin

Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims’ devices for persistence. Continue reading Scam Information and Event Management→

Key Group: another ransomware group using leaked builders

Posted on October 1, 2024 by Kaspersky

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram. Continue reading Key Group: another ransomware group using leaked builders→

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

Posted on September 25, 2024 by Kaspersky

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. Continue reading From 12 to 21: how we discovered connections between the Twelve and BlackJack groups→