VIRUS-NEWS
Loncom packer: from backdoors to Cobalt Strike
by Anton Kuzmenko2 Apr 2020 at 10:00am
After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom.
Holy water: ongoing targeted water-holing attack in Asia
by Ivan Kwiatkowski31 Mar 2020 at 10:00am
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings.
iOS exploit chain deploys LightSpy feature-rich malware
by Alexey Firsh26 Mar 2020 at 5:32pm
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page.
WildPressure targets industrial-related entities in the Middle East
by Denis Legezo24 Mar 2020 at 10:00am
Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector.
Hunting APTs with YARA
by Costin Raiu18 Mar 2020 at 4:16pm
If you have wondered how to leverage YARA better and how to achieve a new level of knowledge in APT detection, mitigation and response, we can help a bit with a preview of the secret ingredients.
MonitorMinor: vicious stalkerware?
by Victor Chebyshev16 Mar 2020 at 10:00am
The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.
Cookiethief: a cookie-stealing Trojan for Android
by Anton Kivva12 Mar 2020 at 10:00am
We recently discovered a new strain of Android malware. Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals? server.
Mokes and Buerak distributed under the guise of security certificates
by AMR5 Mar 2020 at 10:00am
We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired.
Roaming Mantis, part V
by Suguru Ishimaru27 Feb 2020 at 2:00pm
Kaspersky has continued to track the Roaming Mantis campaign. The group?s attack methods have improved and new targets continuously added in order to steal more funds.
Mobile malware evolution 2019
by Victor Chebyshev25 Feb 2020 at 10:00am
In 2019, Kaspersky mobile products and technologies detected 3,503,952 malicious installation packages, 69,777 new mobile banking Trojans and 68,362 new mobile ransomware Trojans.
