JAVA-VBS Joint Exercise Delivers RAT
The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […]

Spam and phishing in 2016
The year in figures. According to Kaspersky Lab, in 2016: the proportion of spam in email flows was 58.31%, which is 3.03 percentage points more than in 2015. 62.16% of spam emails were no more than 2 KB in size. 12.08% of spam was sent from the US. Trojan.Win32.Bayrob was the most popular malware family […]

Spam and phishing in Q1 2016
Spam: features of the quarter. Trending: dramatic increase in volume of malicious spam. The first quarter of 2016 saw a dramatic increase in the number of unsolicited emails containing malicious attachments. Over the last two years the number of email antivirus detections on computers with a Kaspersky Lab product installed fluctuated between 3 and 6 […]

The Tetrade: Brazilian banking malware goes global
Introduction. Brazil is a well-known country with plenty of banking trojans developed by local crooks. The Brazilian criminal underground is home to some of the world’s busiest and most creative perpetrators of cybercrime. Like their counterparts in China and Russia, their cyberattacks have a strong local flavor, and for a long time, they limited their […]

New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel
by Jaromir Horejsi and Joseph C. Chen. We discovered a new exploit kit we named Underminer that employs capabilities used by other exploit kits to deter researchers from tracking its activity or reverse engineering the payloads. Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera. […]

Malicious Edge and Chrome Extension Used to Deliver Backdoor
by Jaromir Horejsi, Joseph C. Chen, and Loseway Lu. We noticed a series of testing submissions in VirusTotal that apparently came from the same group of malware developers in Moldova, at least based on the filenames and the submissions’ source. It appears they are working on a new malware that — based on how they […]

jRAT Leverages Crypter Service to Stay Undetected
In recently observed attacks, the jRAT backdoor was using crypter services hosted on the dark web to evade detection, Trustwave security researchers have discovered. Also known as Adwind, AlienSpy, Frutas, Unrecom, and Sockrat, the jRAT malware is a Windows-based Remote Access Trojan (RAT) discovered several years ago that has already infected nearly half a million […]

A360 Drive Abused to Deliver Adwind, Remcos, Netwire RATs
By Jaromir Horejsi (Threats Analyst). Cloud-based storage platforms have a history of cybercriminal abuse, from hosting malicious files and directly delivering malware to even making them part of a command-and-control (C&C) infrastructure. GitHub was misused this way when the Winnti group used it as a conduit for its C&C communications. We saw a similar—albeit a […]

Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind
Cybercriminals are opportunists. As other operating systems (OS) are more widely used, they, too, would diversify their targets, tools, and techniques in order to cash in on more victims. That’s the value proposition of malware that can adapt and cross over different platforms. And when combined with a business model that can commercially peddle this […]

WannaCry ransomware used in widespread attacks all over the world
Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world. In these attacks, data is encrypted with the extension “.WCRY” added to the filenames. Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been […]

Spam and phishing in Q1 2017
Spam: quarterly highlights. Spam from the Necurs botnet. We wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost ceased […]

PNG Embedded – Malicious payload hidden in a PNG file
One of the most complex tasks for the cybercriminals is to ensure their malicious code goes undetected by antivirus and achieves its goal. For this, they have invested a lot in more complex infection processes, going beyond traditional phishing and using techniques where the malicious payload is hidden in encrypted files – even using […]

Attack on Zygote: a new twist in the evolution of mobile threats
The main danger posed by apps that gain root access to a mobile device without the user’s knowledge is that they can provide access to far more advanced and dangerous malware with highly innovative architecture. We feared that Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. […]

Kaspersky Security Bulletin. Spam and phishing in 2015
The year in figures. According to Kaspersky Lab, in 2015: the proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014. 79% of spam emails were no more than 2 KB in size. 15.2% of spam was sent from the US. 146,692,256 instances that triggered the […]