VIRUS-NEWS
Turla renews its arsenal with Topinambour
by GReAT15 Jul 2019 at 10:00am
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they?re creating new tools. Here we?ll tell you about several of them, namely ?Topinambour? and its related modules.
New FinSpy iOS and Android implants revealed ITW
by GReAT10 Jul 2019 at 10:00am
FinSpy is used to collect a variety of private user information on various platforms. Since 2011 Kaspersky has continuously monitored the development of this malware and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected o...
?Twas the night before
by GReAT4 Jul 2019 at 3:48pm
Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs ? and the executable objects relating to 2016 ? 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.
Sodin ransomware exploits Windows vulnerability and processor architecture
by Orkhan Mamedov3 Jul 2019 at 10:00am
When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers.
How we hacked our colleague?s smart home
by Pavel Cheremushkin1 Jul 2019 at 9:00am
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.
Criminals, ATMs and a cup of coffee
by Konstantin Zykov27 Jun 2019 at 12:09pm
In spring 2019, we discovered a new ATM malware sample written in Java that was uploaded to a multiscanner service from Mexico and later from Colombia. After a brief analysis, it became clear that the malware, which we call ATMJaDi, can cash out ATMs.
ViceLeaker Operation: mobile espionage targeting Middle East
by GReAT26 Jun 2019 at 10:00am
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation ?ViceLeaker?, because of strings and variables in its code.
Riltok mobile Trojan: A banker with global reach
by Tatyana Shishkova25 Jun 2019 at 10:00am
Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted for the European ?market.
Not-so-dear subscribers
by Igor Golovin20 Jun 2019 at 10:01am
Many people have had a run-in with subscriptions to mobile content providers. They appear out of the blue, and get discovered only when account funds run dry. We recently discovered several apps in Play Market directly related to such intrusive services.
Plurox: Modular backdoor
by Anton Kuzmenko18 Jun 2019 at 10:00am
The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What?s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.
