Malware Technologies – Page 3

LianSpy: new Android spyware targeting Russian users

Posted on August 5, 2024 by Dmitry Kalinin

Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2. Continue reading LianSpy: new Android spyware targeting Russian users→

How “professional” ransomware variants boost cybercrime groups

Posted on August 1, 2024 by GReAT

Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources. Continue reading How “professional” ransomware variants boost cybercrime groups→

CloudSorcerer – A new APT targeting Russian government entities

Posted on July 8, 2024 by Sergey Lozhkin

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. Continue reading CloudSorcerer – A new APT targeting Russian government entities→

XZ backdoor: Hook analysis

Posted on June 24, 2024 by Anderson Leite, Sergey Belov

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook. Continue reading XZ backdoor: Hook analysis→

IT threat evolution Q1 2024

Posted on June 3, 2024 by David Emm

In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant. Continue reading IT threat evolution Q1 2024→

ShrinkLocker: Turning BitLocker into ransomware

Posted on May 23, 2024 by Cristian Souza, Eduardo Ovalle, Ashley Muñoz, Christopher Zachor

The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. Continue reading ShrinkLocker: Turning BitLocker into ransomware→

Stealers, stealers and more stealers

Posted on May 22, 2024 by GReAT

In this report, we discuss two new stealers: Acrid and ScarletStealer, and an evolution of the known Sys01 stealer, with the latter two dividing stealer functionality across several modules. Continue reading Stealers, stealers and more stealers→

DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware

Posted on April 18, 2024 by GReAT

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware→

SoumniBot: the new Android banker’s unique techniques

Posted on April 17, 2024 by Dmitry Kalinin

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection. Continue reading SoumniBot: the new Android banker’s unique techniques→

Using the LockBit builder to generate targeted ransomware

Posted on April 15, 2024 by Eduardo Ovalle, Francesco Figurelli, Cristian Souza, Ashley Muñoz

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. Continue reading Using the LockBit builder to generate targeted ransomware→