Articles

  • Cybercriminals target early IRS 2018 refunds now

    On Monday, Jan 29th, the IRS officially opened its 2018 season. Just two days after the opening, we got phishing messages with fake refund status websites.

  • Denis and Co.

    In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling.

  • A silver bullet for the attacker

    We confront hundreds of thousands of new threats every day and we can see that threat actors are on a constant lookout for new attack opportunities. According to our research, connecting a software license management token to a computer may open a hidden remote access channel for an attacker.

  • Skygofree: Following in the footsteps of HackingTeam

    At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago.

  • Happy IR in the New Year!

    In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. It’s holiday season and it is our pleasure to share this script with you.

  • Nhash: petty pranks with big finances

    In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers. This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.

  • Travle aka PYLOT backdoor hits Russian-speaking targets

    At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle. Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

  • Jack of all trades

    Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.

  • Kaspersky Security Bulletin. Overall statistics for 2017

    In 2017, Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects (scripts, exploits, executable files, etc.) and 199 455 606 unique URLs were recognized as malicious by web antivirus components. Kaspersky Lab solutions detected and repelled 1 188 728 338 malicious attacks launched from online resources located in 206 countries all over the world.

  • Still Stealing

    Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store. In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com

Latest Articles

  • Tens of thousands per Gram
    willie
    In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens.

    19-04-2018, 18:08
  • Leaking ads
    willie
    We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.

    18-04-2018, 05:58
  • Roaming Mantis uses DNS hijacking to infect Android smartphones
    willie
    In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack, and we decided to call it ‘Roaming Mantis’.

    16-04-2018, 16:36
  • Operation Parliament, who is doing what?
    willie
    Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.

    14-04-2018, 01:02
  • APT Trends report Q1 2018
    willie
    In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.

    13-04-2018, 10:16
  • Pocket cryptofarms
    willie
    In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of stories. These include hacked exchanges, Bitcoin and Monero ransoms, and, of course, hidden mining.

    04-04-2018, 20:33