Malware Technologies – Page 12

Mobile subscription Trojans and their little tricks

Posted on May 6, 2022 by Igor Golovin

Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics. Continue reading Mobile subscription Trojans and their little tricks→

A new secret stash for “fileless” malware

Posted on May 4, 2022 by Denis Legezo

We observed the technique of putting the shellcode into Windows event logs for the first time “in the wild” during the malicious campaign. It allows the “fileless” last stage Trojan to be hidden from plain sight in the file system. Continue reading A new secret stash for “fileless” malware→

How to recover files encrypted by Yanlouwang

Posted on April 18, 2022 by AMR

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files. Continue reading How to recover files encrypted by Yanlouwang→

Emotet modules and recent attacks

Posted on April 13, 2022 by AMR

Emotet was disrupted in January 2021 and returned in November. This report provides technical description of its active modules and statistics on the malware’s recent attacks. Continue reading Emotet modules and recent attacks→

A Bad Luck BlackCat

Posted on April 7, 2022 by GReAT

A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as particularly interesting. Continue reading A Bad Luck BlackCat→

Lazarus Trojanized DeFi app for delivering malware

Posted on March 31, 2022 by GReAT

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor. Continue reading Lazarus Trojanized DeFi app for delivering malware→

Elections GoRansom – a smoke screen for the HermeticWiper attack

Posted on March 1, 2022 by GReAT

We present our analysis of HermeticRansom (aka Elections GoRansom) ransomware that was likely used as a smokescreen for the HermeticWiper attack. Continue reading Elections GoRansom – a smoke screen for the HermeticWiper attack→

Roaming Mantis reaches Europe

Posted on February 7, 2022 by Suguru Ishimaru

We’ve observed some new activities by Roaming Mantis in 2021, and some changes in the Wroba malware that’s mainly used in this campaign. Furthermore, we discovered that France and Germany were added as primary targets of Roaming Mantis. Continue reading Roaming Mantis reaches Europe→

MoonBounce: the dark side of UEFI firmware

Posted on January 20, 2022 by Mark Lechtik, Vasily Berdnikov, Denis Legezo, Ilya Borisov

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41. Continue reading MoonBounce: the dark side of UEFI firmware→

Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks

Posted on January 19, 2022 by Kirill Kruglov

Kaspersky ICS CERT has uncovered a number of spyware campaigns targeting industrial enterprises. Continue reading Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks→