HackDig : Dig high-quality web security articles for hacker

Loncom packer: from backdoors to Cobalt Strike

The previous story described an unusual way of distributing malware under disguise of an update for an expired security certificate. After the story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-
Publish At:2020-04-02 06:58 | Read:121 | Comments:0 | Tags:Featured Malware descriptions Backdoor Malware Descriptions

Holy water: ongoing targeted water-holing attack in Asia

On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor’s unsophisticated but creative toolset has been evolving a lot s
Publish At:2020-03-31 08:22 | Read:144 | Comments:0 | Tags:APT reports Featured Adobe Flash Backdoor drive-by attack Ja

iOS exploit chain deploys LightSpy feature-rich malware

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Since the initial activity, we released two private reports exhaustively detailing spread, exploits, infrast
Publish At:2020-03-26 14:33 | Read:320 | Comments:0 | Tags:APT reports Featured Apple iOS APT Backdoor Google Android I

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor h
Publish At:2020-03-24 06:44 | Read:247 | Comments:0 | Tags:APT reports Featured Encryption Industrial threats Malware D

MonitorMinor: vicious stalkerware

The other day, our Android traps ensnared an interesting specimen of stalkerware — commercial software that is usually used to secretly monitor family members or colleagues. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. Let’s take a look one step at a time. Modern stalkerware What i
Publish At:2020-03-16 08:00 | Read:277 | Comments:0 | Tags:Featured Malware descriptions Google Android Malware Descrip

Cookiethief: a cookie-stealing Trojan for Android

We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. The exact means by which the Trojan was able to infect c
Publish At:2020-03-12 06:26 | Read:289 | Comments:0 | Tags:Featured Malware descriptions Android Malware Technologies M

Roaming Mantis, part V

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets have been continuously added in order to steal more funds. The attackers’ focus has also shifted to techniques that avoid tracking and research: whitelisting for distribution, analysis environment detection and so on. We’ve also observe
Publish At:2020-02-27 10:41 | Read:349 | Comments:0 | Tags:APT reports Featured Botnets Google Android Malware Descript

KBOT: sometimes they come back

Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, a virus. It is th
Publish At:2020-02-10 10:37 | Read:228 | Comments:0 | Tags:Featured Malware descriptions DLL hijacking Malware Descript

Smartphone shopaholic

Have you ever noticed strange reviews of Google Play apps that look totally out of place? Their creators might give it five stars, while dozens of users rate it with just one, and in some cases the reviews seem to be talking about some other program entirely. If so, you may be unknowingly acquainted with the work of Trojan-Dropper.AndroidOS.Shopper.a. How
Publish At:2020-01-09 06:05 | Read:511 | Comments:0 | Tags:Malware descriptions Malware Descriptions Malware Technologi

Operation AppleJeus Sequel

The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in order to deliver their manipulated application and exploit the hig
Publish At:2020-01-08 06:05 | Read:446 | Comments:0 | Tags:APT reports Featured Apple MacOS Cryptocurrencies Lazarus Ma

OilRig’s Poison Frog – old samples, same trick

After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Poison Frog We’re not quite sure whether the name Poison Frog is the name given to the backdoor b
Publish At:2019-12-17 13:05 | Read:489 | Comments:0 | Tags:APT reports APT Backdoor Malware Descriptions PowerShell

Story of the year 2019: Cities under ransomware siege

Ransomware has been targeting the private sector for years now. Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three years, the share of users targeted with ransomware in the overall
Publish At:2019-12-11 06:05 | Read:698 | Comments:0 | Tags:Featured Kaspersky Security Bulletin Malware Descriptions Ma

IT threat evolution Q3 2019

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this
Publish At:2019-11-30 13:05 | Read:1241 | Comments:0 | Tags:Featured Malware reports Apple MacOS APT connected car Cyber

Spam and phishing in Q3 2019

Quarterly highlights Amazon Prime In Q3, we registered numerous scam mailings related to Amazon Prime. Most of the phishing emails with a link to a fake Amazon login page offered new prices or rewards for buying things, or reported problems with membership, etc. Against the backdrop of September’s Prime Day sale, such messages were plausible. Scammers
Publish At:2019-11-26 06:05 | Read:648 | Comments:0 | Tags:Featured Spam and phishing reports Malicious spam Malware De

Titanium: the Platinum group strikes again

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The ma
Publish At:2019-11-12 01:05 | Read:719 | Comments:0 | Tags:APT reports Featured Backdoor fileless malware Malware Descr
