DTrack activity targeting Europe and Latin America
In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.
Uncommon infection and malware propagation methods
In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families.
NullMixer: oodles of Trojans in a single dropper
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Mass email campaign with a pinch of targeted spam
Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.
Self-spreading stealer attacks gamers via YouTube
A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.
Ransomware updates & 1-day exploits
In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability.
Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. They were masquerading as one of the most popular open-source packages named “requests”.
IT threat evolution in Q2 2022. Non-mobile statistics
Our non-mobile malware statistics for Q2 2022 include data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.
IT threat evolution Q2 2022
ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.
LofyLife: malicious npm packages steal Discord tokens and bank card data
This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”.