HackDig : Dig high-quality web security articles

Malicious code in APKPure app

Recently, we’ve found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself quite a popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source. We notified t
Publish At:2021-04-09 13:17 | Read:84 | Comments:0 | Tags:Incidents Code injection Google Android Malware Technologies

Financial Cyberthreats in 2020

2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventfu
Publish At:2021-03-31 10:46 | Read:209 | Comments:0 | Tags:Publications Electronic Payments Financial malware Google An

Mobile malware evolution 2020

These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. The year in figures In 2020, Kaspersky mobile products and technologies detected: 5,683,694 malicious installation packages, 156,710 new mobile banking Trojans, 20,708 new mobile ransomware Trojans. Trends of the year In t
Publish At:2021-03-01 13:00 | Read:297 | Comments:0 | Tags:Malware reports Apple iOS Data theft Google Android Malware

The state of stalkerware in 2020

 The state of stalkerware in 2020 (PDF) Main findings Kaspersky’s data shows that the scale of the stalkerware issue has not improved much in 2020 compared to the last year: The number of people affected is still high. In total, 53,870 of our mobile users were affected globally by stalkerware in 2020. Keeping in mind the big picture, these number
Publish At:2021-02-26 05:49 | Read:399 | Comments:0 | Tags:Publications Cyberbullying Cybercrime Google Android Mobile

APT annual review: What the world’s threat actors got up to in 2020

We track the ongoing activities of more than 900 advanced threat actors; you can find our quarterly overviews here, here and here. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months. This is based on our visibility in the threat landscape; and it’s important to note that no single vendor ha
Publish At:2020-12-03 07:18 | Read:638 | Comments:0 | Tags:Featured Kaspersky Security Bulletin Apple iOS Apple MacOS A

Ghimob: a Tétrade threat actor moves to infect mobile devices

Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting financial apps from banks, fintechs, exchanges and cryptocurrencies i
Publish At:2020-11-09 06:05 | Read:671 | Comments:0 | Tags:Featured Malware descriptions Brazil Cryptocurrencies Financ

APT trends report Q3 2020

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They
Publish At:2020-11-03 08:30 | Read:574 | Comments:0 | Tags:APT reports Featured APT Chinese-speaking cybercrime Cyber e

Transparent Tribe: Evolution analysis, part 2

Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian military and government personnel. This is the second of two artic
Publish At:2020-08-26 06:34 | Read:945 | Comments:0 | Tags:APT reports Featured APT Google Android Malware Descriptions

Aggressive in-app advertising in Android

Recently, we’ve been noticing ever more dubious advertising libraries in popular apps on Google Play. The monetization methods used in such SDKs can pose a threat to users, yet they pull in more revenue for developers than whitelisted ad modules due to the greater number of views. In this post we will look into a few examples of suspicious-looking ad m
Publish At:2020-05-25 06:21 | Read:1429 | Comments:0 | Tags:Featured Research Adware Google Android

IT threat evolution Q1 2020

Targeted attacks and malware campaigns Operation AppleJeus: the sequel In 2018, we published a report on Operation AppleJeus, one of the more notable campaigns of the threat actor Lazarus, currently one of the most active and prolific APT groups. One notable feature of this campaign was that it marked the first time Lazarus had targeted macOS targets, with t
Publish At:2020-05-24 07:11 | Read:1110 | Comments:0 | Tags:Featured Malware reports Apple iOS Apple MacOS APT Data leak

IT threat evolution Q1 2020. Statistics

These statistics are based on detection verdicts for Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, Kaspersky solutions blocked 726,536,269 attacks launched from online resources in 203 countries across the globe. A total of 442,039,230 unique URLs were recognize
Publish At:2020-05-24 07:11 | Read:914 | Comments:0 | Tags:Featured Malware reports Apple MacOS Financial malware Googl

Hiding in plain sight: PhantomLance walks into a market

In July 2019, Dr. Web reported about a backdoor trojan in Google Play, which appeared to be sophisticated and unlike common malware often uploaded for stealing victims’ money or displaying ads. So, we conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back
Publish At:2020-05-03 08:09 | Read:1021 | Comments:0 | Tags:APT reports Featured Apple MacOS APT Backdoor Google Android

Financial Cyberthreats in 2019

Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and em
Publish At:2020-04-16 07:00 | Read:1603 | Comments:0 | Tags:Featured Publications Apple MacOS ATM Electronic Payments Fi

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast
Publish At:2020-03-26 14:33 | Read:1356 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Google Android I

MonitorMinor: vicious stalkerware

The other day, our Android traps ensnared an interesting specimen of stalkerware — commercial software that is usually used to secretly monitor family members or colleagues. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. Let’s take a look one step at a time. Modern stalkerware What i
Publish At:2020-03-16 08:00 | Read:1689 | Comments:0 | Tags:Featured Malware descriptions Google Android Malware Descrip