Malware Technologies – Page 8

CloudWizard APT: the bad magic story goes on

Posted on May 19, 2023 by Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov

Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. Continue reading CloudWizard APT: the bad magic story goes on→

Minas – on the way to complexity

Posted on May 17, 2023 by Ilya Borisov, Vasily Berdnikov

Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection. Continue reading Minas – on the way to complexity→

New ransomware trends in 2023

Posted on May 11, 2023 by GReAT

On the eve of the global Anti-Ransomware Day, Kaspersky researchers share an overview of the key trends observed among ransomware groups. Continue reading New ransomware trends in 2023→

Not quite an Easter egg: a new family of Trojan subscribers on Google Play

Posted on May 4, 2023 by Dmitry Kalinin

The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services. Continue reading Not quite an Easter egg: a new family of Trojan subscribers on Google Play→

Tomiris called, they want their Turla malware back

Posted on April 24, 2023 by Pierre Delcher, Ivan Kwiatkowski

We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla. Continue reading Tomiris called, they want their Turla malware back→

QBot banker delivered through business correspondence

Posted on April 17, 2023 by Victoria Vlasova, Andrey Kovtun, Darya Ivanova

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mails that were based on real business letters the attackers had gotten access to. Continue reading QBot banker delivered through business correspondence→

Uncommon infection methods—part 2

Posted on April 13, 2023 by GReAT

Kaspersky researchers discuss infection methods used by Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive. Continue reading Uncommon infection methods—part 2→

Following the Lazarus group by tracking DeathNote campaign

Posted on April 12, 2023 by Seongsu Park

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote. Continue reading Following the Lazarus group by tracking DeathNote campaign→

Overview of Google Play threats sold on the dark web

Posted on April 10, 2023 by Kaspersky Security Services, GReAT

Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc. Continue reading Overview of Google Play threats sold on the dark web→

Copy-paste heist or clipboard-injector attacks on cryptousers

Posted on March 28, 2023 by Vitaly Kamluk

Clipboard injector malware targeting cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin and Monero, is distributed under the guise of Tor Browser. Continue reading Copy-paste heist or clipboard-injector attacks on cryptousers→