XZ backdoor story – Initial analysis
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process. Continue reading XZ backdoor story – Initial analysis
Category Archives: Malware Technologies
DinodasRAT Linux implant targeting entities worldwide
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022. Continue reading DinodasRAT Linux implant targeting entities worldwide
What’s in your notepad? Infected text editors target Chinese users
Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine. Continue reading What’s in your notepad? Infected text editors target Chinese users
Network tunneling with… QEMU?
While investigating an incident, we detected uncommon malicious activity inside one of the systems. We ran an analysis on the artifacts, only to find that the adversary had deployed and launched the QEMU hardware emulator. Continue reading Network tunneling with… QEMU?
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil. Continue reading Coyote: A multi-stage banking Trojan abusing the Squirrel installer
Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware. Continue reading Cracked software beats gold: new macOS backdoor stealing cryptowallets
Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware. Continue reading Cracked software beats gold: new macOS backdoor stealing cryptowallets
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs. Continue reading Operation Triangulation: The last (hardware) mystery
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)