HackDig : Dig high-quality web security articles for hacker

Miners on the Rise

Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploit software vulnerabilities to do so. This results in threat actors receiving cryptocurr
Published: 2017-09-12 13:30 | Reads: 182 | Comments: 0 | Tags: Research Botnets Cryptocurrencies Malware Descriptions Socia

Jimmy Nukebot: from Neutrino with love

“You FOOL! This isn’t even my final form!” In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family. A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy. NeutrinoPOS vs Jimmy The au
Published: 2017-08-29 07:00 | Reads: 197 | Comments: 0 | Tags: Research Banking Trojan Cryptocurrencies Malware Description

Spam and phishing in Q2 2017

Spam: quarterly highlights. Delivery service Trojans: at the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware – Backdoor.Win32.Androm and Trojan.Win32.Kovter. The usual trick of present
Published: 2017-08-22 09:10 | Reads: 183 | Comments: 0 | Tags: Featured Quarterly Spam Reports Malicious spam Malware Descr

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known for more than a year. Over its lifetime, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer modifications continue to upgrade the malware, while its geographical spread is growing. Some of these modifi
Published: 2017-08-17 05:05 | Reads: 246 | Comments: 0 | Tags: Mobile Google Android Malware Descriptions Mobile Malware Tr

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was carried out using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed its attacks against corporations. Attack Geogra
Published: 2017-08-09 10:25 | Reads: 278 | Comments: 0 | Tags: Research Encryption Malware Descriptions Ransomware Targeted

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were one of the unfortunate victims, this screen might look familiar: Kaspersky Lab solutions successfully stop the attack through the System Watcher component. This te
Published: 2017-06-27 20:10 | Reads: 344 | Comments: 0 | Tags: Featured Incidents Data Encryption Malware Descriptions Rans

Dridex: A History of Evolution

The Dridex banking Trojan, which has become a major financial cyberthreat in recent years (in 2015, the damage done by the Trojan was estimated at over $40 million), stands apart from other malware because it has continually evolved and become more sophisticated since it first appeared in 2011. Dridex has been able to escape justice for so long
Published: 2017-05-25 13:15 | Reads: 609 | Comments: 0 | Tags: Analysis Publications Botnets Financial malware Malware Desc

WannaCry FAQ: What you need to know today

Friday May 12th marked the start of the dizzying madness that has been ‘WannaCry’, the largest ransomware infection in history. Defenders have been running around with their heads on fire trying to get ahead of the infection and to understand the malware’s capabilities. In the process, a lot of wires have gotten crossed and we figured it
Published: 2017-05-15 13:40 | Reads: 788 | Comments: 0 | Tags: Blog Featured Research Encryption Malware Descriptions Ranso

WannaCry ransomware used in widespread attacks all over the world

Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This
Published: 2017-05-13 11:15 | Reads: 654 | Comments: 0 | Tags: Blog Incidents Encryption Malware Descriptions Ransomware Vu

Spam and phishing in Q1 2017

Spam: quarterly highlights. Spam from the Necurs botnet: we wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost
Published: 2017-05-02 05:05 | Reads: 792 | Comments: 0 | Tags: Analysis Featured Quarterly Spam Reports Malicious spam Malw

Use of DNS Tunneling for C&C Communications

– Say my name. – 127.0.0.1! – You are goddamn right. Network communication is a key function for any malicious program. Yes, there are exceptions, such as cryptors and ransomware Trojans that can do their job just fine without using the Internet. However, they also require their victims to establish contact with the threat actor so they can
Published: 2017-04-28 13:40 | Reads: 619 | Comments: 0 | Tags: Blog Research Backdoor DNS Malware Descriptions Malware Tech

Hajime, the mysterious evolving botnet

Introduction: Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose
Published: 2017-04-25 12:00 | Reads: 1205 | Comments: 0 | Tags: Blog Featured Research Botnets honeypot Internet of Things M

Unraveling the Lamberts Toolkit

Yesterday, our colleagues from Symantec published their analysis of Longhorn, an advanced threat actor that can be easily compared with Regin, ProjectSauron, Equation or Duqu2 in terms of its complexity. Longhorn, which we internally refer to as “The Lamberts”, first came to the attention of the ITSec community in 2014, when our colleagues from F
Published: 2017-04-16 11:45 | Reads: 700 | Comments: 0 | Tags: Blog Research Backdoor Malware Descriptions Targeted Attacks

Old Malware Tricks To Bypass Detection in the Age of Big Data

Kaspersky Lab has been tracking a targeted attack actor’s activities in Japan and South Korea recently. This attacker has been using the XXMM malware toolkit, which was named after an original project path revealed through a pdb string inside the file: “C:\Users\123\documents\visual studio 2010\Projects\xxmm2\Release\test2.pdb”. We came across an u
Published: 2017-04-16 11:45 | Reads: 565 | Comments: 0 | Tags: Blog Research APT Cyber espionage Malware Descriptions Malwa

Mobile malware evolution 2016

The year in figures: in 2016, Kaspersky Lab detected the following: 8,526,221 malicious installation packages; 128,886 mobile banking Trojans; 261,214 mobile ransomware Trojans. Trends of the year: growth in the popularity of malicious programs using super-user rights, primarily advertising Trojans; distribution of malware via Google Play and advertising servi
Published: 2017-02-28 10:10 | Reads: 890 | Comments: 0 | Tags: Analysis Featured Kaspersky Security Bulletin Android Financ
