HackDig : Dig high-quality web security articles for hacker

Loncom packer: from backdoors to Cobalt Strike

The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-
Publish At:2020-04-02 06:58 | Read:121 | Comments:0 | Tags:Featured Malware descriptions Backdoor Malware Descriptions

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:144 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast
Publish At:2020-03-26 14:33 | Read:327 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Google Android I

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor h
Publish At:2020-03-24 06:44 | Read:247 | Comments:0 | Tags:APT reports Featured Encryption Industrial threats Malware D

MonitorMinor: vicious stalkerware

The other day, our Android traps ensnared an interesting specimen of stalkerware — commercial software that is usually used to secretly monitor family members or colleagues. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. Let’s take a look one step at a time. Modern stalkerware What i
Publish At:2020-03-16 08:00 | Read:277 | Comments:0 | Tags:Featured Malware descriptions Google Android Malware Descrip

Cookiethief: a cookie-stealing Trojan for Android

We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. The exact means by which the Trojan was able to infect c
Publish At:2020-03-12 06:26 | Read:289 | Comments:0 | Tags:Featured Malware descriptions Android Malware Technologies M

Mokes and Buerak distributed under the guise of security certificates

The technique of distributing malware under the guise of legitimate software updates is not new. As a rule, cybercriminals invite potential victims to install a new version of a browser or Adobe Flash Player. However, we recently discovered a new approach to this well-known method: visitors to infected sites were informed that some kind of security certifica
Publish At:2020-03-05 08:33 | Read:217 | Comments:0 | Tags:Featured Incidents Backdoor Digital Certificates Trojan Vuln

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelist for distribution, analysis environment detection and so on. We’ve also observe
Publish At:2020-02-27 10:41 | Read:349 | Comments:0 | Tags:APT reports Featured Botnets Google Android Malware Descript

Mobile malware evolution 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Figures of the year In 2019, Kaspersky mobile products and technologies detected: 3,503,952 malicious installation packages. 69,777 new mobile banking Trojans. 68,362 new mobile ransomware Trojans. Trends of the year In summ
Publish At:2020-02-25 07:25 | Read:233 | Comments:0 | Tags:Featured Malware reports Adware Data theft Malware Statistic

AZORult spreads as a fake ProtonVPN installer

AZORult has its history. However, a few days ago, we discovered what appears to be one of its most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows. Screenshot of a fake ProtonVPN website The campaign started at the end of November 2019 when the threat actor behind it registered a new domain und
Publish At:2020-02-18 06:35 | Read:388 | Comments:0 | Tags:Featured Incidents Botnets Cryptocurrencies Data theft Malve

DDoS attacks in Q4 2019

News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD) application for remote administration. The first attacks using A
Publish At:2020-02-15 12:54 | Read:360 | Comments:0 | Tags:DDoS reports Featured Botnets DDoS-attacks DNS Amplification

KBOT: sometimes they come back

Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is th
Publish At:2020-02-10 10:37 | Read:228 | Comments:0 | Tags:Featured Malware descriptions DLL hijacking Malware Descript

Happy New Fear! Gift-wrapped spam and phishing

Pre-holiday spam Easy money In the run-up to Christmas and New Year, scam е-mails mentioning easy pickings, lottery winnings, and other cash surprises are especially popular. All the more so given how simple it is to adapt existing schemes simply by mentioning the holiday in the subject line. For example, one scam е-mail with the subject line “Xsmas gi
Publish At:2020-02-07 06:05 | Read:314 | Comments:0 | Tags:Featured Spam and phishing mailings Malicious spam Phishing

Operation AppleJeus Sequel

The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in order to deliver their manipulated application and exploit the hig
Publish At:2020-01-08 06:05 | Read:446 | Comments:0 | Tags:APT reports Featured Apple MacOS Cryptocurrencies Lazarus Ma

Kaspersky Security Bulletin 2019. Statistics

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky product users from 203 countries and territories worldwide participate in this global exc
Publish At:2019-12-12 13:05 | Read:699 | Comments:0 | Tags:Featured Kaspersky Security Bulletin Financial malware Malwa

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud