Windows Malware – WindowsTechs.com

Scammer Black Friday offers: Online shopping threats and dark web sales

Posted on November 19, 2024 by Kaspersky

Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market. Continue reading Scammer Black Friday offers: Online shopping threats and dark web sales→

Ymir: new stealthy ransomware in the wild

Posted on November 11, 2024 by Cristian Souza, Ashley Muñoz, Eduardo Ovalle

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims. Continue reading Ymir: new stealthy ransomware in the wild→

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Posted on November 8, 2024 by Saurabh Sharma

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns. Continue reading QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns→

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Posted on November 6, 2024 by Kirill Korchemny

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle. Continue reading New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency→

Lumma/Amadey: fake CAPTCHAs want to know if you’re human

Posted on October 29, 2024 by Vasily Kolesnikov

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets. Continue reading Lumma/Amadey: fake CAPTCHAs want to know if you’re human→

Stealer here, stealer there, stealers everywhere!

Posted on October 21, 2024 by GReAT

Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer. Continue reading Stealer here, stealer there, stealers everywhere!→

Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia

Posted on October 18, 2024 by Kaspersky

A close look at the utilities, techniques, and infrastructure used by the hacktivist group Crypt Ghouls has revealed links to groups such as Twelve, BlackJack, etc. Continue reading Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia→

Awaken Likho is awake: new techniques of an APT group

Posted on October 7, 2024 by Kaspersky

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. Continue reading Awaken Likho is awake: new techniques of an APT group→

Scam Information and Event Management

Posted on October 4, 2024 by Alexander Kryazhev, Denis Sitchikhin

Malicious actors are spreading miners through fake websites with popular software, Telegram channels and YouTube, installing Wazuh SIEM agent on victims’ devices for persistence. Continue reading Scam Information and Event Management→

Key Group: another ransomware group using leaked builders

Posted on October 1, 2024 by Kaspersky

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram. Continue reading Key Group: another ransomware group using leaked builders→