Malware Technologies – Page 6

Ducktail fashion week

Posted on November 10, 2023 by AMR

The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers. Continue reading Ducktail fashion week→

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Posted on November 9, 2023 by

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups. Continue reading Modern Asian APT groups’ tactics, techniques and procedures (TTPs)→

A cascade of compromise: unveiling Lazarus’ new campaign

Posted on October 27, 2023 by Seongsu Park

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns Continue reading A cascade of compromise: unveiling Lazarus’ new campaign→

StripedFly: Perennially flying under the radar

Posted on October 26, 2023 by Sergey Belov, Vilen Kamalov, Sergey Lozhkin

Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing. Continue reading StripedFly: Perennially flying under the radar→

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

Posted on October 24, 2023 by GReAT

In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows. Continue reading Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware→

The outstanding stealth of Operation Triangulation

Posted on October 23, 2023 by Georgy Kucherin, Leonid Bezvershenko, Valentin Pashkov

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules. Continue reading The outstanding stealth of Operation Triangulation→

Money-making scripts attack organizations

Posted on October 19, 2023 by Vasily Kolesnikov

Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems. Continue reading Money-making scripts attack organizations→

Updated MATA attacks industrial companies in Eastern Europe

Posted on October 18, 2023 by GReAT, Kaspersky ICS CERT

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. Continue reading Updated MATA attacks industrial companies in Eastern Europe→

ToddyCat: Keep calm and check logs

Posted on October 12, 2023 by Giampaolo Dedola, Domenico Caldarella, Alexander Fedotov, Andrey Gunkin

In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. Continue reading ToddyCat: Keep calm and check logs→

A cryptor, a stealer and a banking trojan

Posted on September 28, 2023 by GReAT

In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan. Continue reading A cryptor, a stealer and a banking trojan→