Ghimob: a Tétrade threat actor moves to infect mobile devices

Guildma’s new creation, the Ghimob banking trojan, marks a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies.

Attacks on industrial enterprises using RMS and TeamViewer: new data

In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another.

APT trends report Q3 2020

For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020.

RevengeHotels: cybercrime targeting hotel front desks worldwide

RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group.

COMpfun successor Reductor infects files on the fly to compromise TLS traffic

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples.

I know what you did last summer, MuddyWater blending in the crowd

This report details a collection of tools used by the MuddyWater threat actor on its targets after initial infection. It also details deceptive techniques used to divert investigations once attack tools have been deployed inside victim systems.