VIRUS-NEWS
Energetic Bear/Crouching Yeti: attacks on servers
by Kaspersky Lab ICS CERT23 Apr 2018 at 10:00am
This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017.
Tens of thousands per Gram
by Nadezhda Demidova19 Apr 2018 at 10:00am
In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting peop...
Leaking ads
by Roman Unuchek17 Apr 2018 at 9:15pm
We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.
Roaming Mantis uses DNS hijacking to infect Android smartphones
by Suguru Ishimaru16 Apr 2018 at 8:30am
In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our rese...
APT Trends report Q1 2018
by GReAT12 Apr 2018 at 10:00am
In the second quarter of 2017, Kaspersky?s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter?s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing ...
Operation Parliament, who is doing what?
by GReAT12 Apr 2018 at 7:00am
Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage ? they involve gaining access to top legislative, executive an...
Pocket cryptofarms
by Roman Unuchek4 Apr 2018 at 10:00am
In recent months, the topic of cryptocurrency has been a permanent news fixture ? the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of ...
Your new friend, KLara
by GReAT28 Mar 2018 at 10:00am
In R&D we use a lot of open-source projects and we believe giving back to the community is our way of saying ?Thank you?. More and more security companies are releasing their open-source projects and we would like to contribute with our distributed YARA scanner.
Threat Landscape for Industrial Automation Systems in H2 2017
by Kaspersky Lab ICS CERT26 Mar 2018 at 10:00am
Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security ...
Goodfellas, the Brazilian carding scene is after you
by Thiago Marques15 Mar 2018 at 10:00am
There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile g...
