Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 726,536,269 attacks launched from online resources in 203 countries across the globe. A total of 442,039,230 unique URLs were recognize

In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims’ money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back

Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and em

The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in order to deliver their manipulated application and exploit the hig

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network: Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe. 560,025,316 unique URLs were recognized as malicious

Introduction The belief that there are no threats for the macOS operating system (or at least no serious threats) has been bandied about for decades. The owners of MacBooks and iMacs are only rivaled by Linux users in terms of the level of confidence in their own security, and we must admit that they are right to a certain degree: compared to Windows-based s

In December 2014 we discovered a very interesting vulnerability in the Darwin kernel, which is an open source part of Apple's two operating systems: OS X and iOS. As a result, OS X 10.10 and iOS 8 are also at risk. This vulnerability is connected with the processing of an IP packet that has a specific size and invalid IP options. As a result, remote attacker

 Download Full Report PDF In 2013 we conducted our first in-depth research into the financial cyber-threat landscape. At that time we registered a sudden surge in the number of attacks targeting users' financial information and money. The financial cyber threats landscape was discussed in detail in Kaspersky Lab's "Financial Cyber-threats in 2013" r

 Download PDF Download EPUB All statistics used in this report were obtained using Kaspersky Security Network (KSN) a distributed antivirus network based on the work of various components of Kaspersky Lab's anti-malware protection. The data was collected from KSN users who agreed to transfer it. Millions of Kaspersky Lab products users from 21

 PDF version EPUB version Cyber-criminals merge with APT In 2015, we expect to see another stage in the evolution of cyber-criminal activity with the adoption of APT tactics and techniques in financially motivated online criminal activity. During a recent investigation, we discovered an attack in which an accountant's computer was compromised an

Recently, news appeared about an interesting attack where cybercriminals infect iPhones and Mac OSX users with a rather peculiar malware dubbed WireLurker. You can find a thorough paper from Palo Alto here. First of all, it's important to note that all Kaspersky Lab users are protected against this threat. The malicious files used by WireLurker are identifie

We got an interesting file (MD5 9283c61f8cce4258c8111aaf098d21ee) for analysis a short while ago. It turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose: an ordinary 64-bit mach-o executable contained several more mach-o files in its data section; it s