Malware Technologies – Page 7

Free Download Manager backdoored – a possible supply chain attack on Linux machines

Posted on September 12, 2023 by Georgy Kucherin, Leonid Bezvershenko

Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years. Continue reading Free Download Manager backdoored – a possible supply chain attack on Linux machines→

From Caribbean shores to your devices: analyzing Cuba ransomware

Posted on September 11, 2023 by Alexander Kirichenko, Gleb Ivanov

The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident. Continue reading From Caribbean shores to your devices: analyzing Cuba ransomware→

Evil Telegram doppelganger attacks Chinese users

Posted on September 8, 2023 by Igor Golovin

Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data. Continue reading Evil Telegram doppelganger attacks Chinese users→

IT threat evolution in Q2 2023

Posted on August 30, 2023 by David Emm

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others. Continue reading IT threat evolution in Q2 2023→

Lockbit leak, research opportunities on tools leaked from TAs

Posted on August 25, 2023 by Eduardo Ovalle, Francesco Figurelli

In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds. Continue reading Lockbit leak, research opportunities on tools leaked from TAs→

What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot

Posted on August 3, 2023 by GReAT

In this report, we share our recent crimeware findings: the new DarkGate loader, new LokiBot campaign and new Emotet version delivered via OneNote. Continue reading What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot→

Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

Posted on June 12, 2023 by GReAT, Sergey Lozhkin

Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT. Continue reading Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency→

IT threat evolution Q1 2023

Posted on June 7, 2023 by David Emm

Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser Continue reading IT threat evolution Q1 2023→

Satacom delivers browser extension that steals cryptocurrency

Posted on June 5, 2023 by Haim Zigel, Oleg Kupreev

A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera. Continue reading Satacom delivers browser extension that steals cryptocurrency→

Meet the GoldenJackal APT group. Don’t expect any howls

Posted on May 23, 2023 by Giampaolo Dedola

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher. Continue reading Meet the GoldenJackal APT group. Don’t expect any howls→