PUA Operation Spreads Thousands of Explicit Apps in the Wild and on Legitimate App Stores

One of the most popular ways to make money online is through pornography—whether through legitimate distribution or different online scams. Last year we detected a new variant of the Marcher Trojan targeting users through porn sites, and the year before that popular porn apps were used as lures to compromise millions of mobile users in […] more…

Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go)

Additional analysis/insights by Alfredo Oliveira. A little over a year after its first variants were found in the wild, Cerber (detected by Trend Micro as the RANSOM_CERBER family) now has the reputation for being the most prolific family of ransomware in the threat landscape. Since it first emerged in Russian underground marketplaces in March 2016, Cerber has […] more…

Spam and phishing in Q1 2017

Spam: quarterly highlights. Spam from the Necurs botnet. We wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost ceased […] more…

Lazarus Under The Hood

Download full report (PDF). In February 2017 an article in the Polish media broke the silence on a long-running story about attacks on banks, allegedly related to the notoriously known Lazarus Group. While the original article didn’t mention Lazarus Group, it was quickly picked up by security researchers. Today we’d like to share some of […] more…

Lurk: Retracing the Group’s Five-Year Campaign

By Fyodor Yarochkin and Vladimir Kropotov (Senior Threat Researchers). Fileless infections are exactly what their name says: they’re infections that don’t involve malicious files being downloaded or written to the system’s disk. While fileless infections are not necessarily new or rare, they present a serious threat to enterprises and end users given their capability to […] more…

Updated Sundown Exploit Kit Uses Steganography

This year has seen a big shift in the exploit kit landscape, with many of the bigger players unexpectedly dropping out of action. The Nuclear exploit kit operations started dwindling in May, Angler disappeared around the same time Russia’s Federal Security Service made nearly 50 arrests last June, and then in September Neutrino reportedly went […] more…

Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files

Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact on businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […] more…

The Hunt for Lurk

In early June 2016, the Russian police arrested the alleged members of the criminal group known as Lurk. The police suspected Lurk of stealing nearly three billion rubles, using malicious software to systematically withdraw large sums of money from the accounts of commercial organizations, including banks. For Kaspersky Lab, these arrests marked the culmination of […] more…

JScript-toting Ransomware Can Steal Your Passwords and Bitcoin Wallets, Too

By Renaud Bidou. In an effort to develop a target base and increase the conversion rate of victims, ransomware perpetrators will try to veer away from well-known families and create new families sporting seemingly new techniques—with varying degrees of practicality. This is the case with the RAA ransomware, which Trend Micro detects as RANSOM_JSRAA.A. While most ransomware […] more…

Results of PoC Publishing

Dreams of a Threat Actor. There are two crucial features of the Android OS protection system: it is impossible to download a file without the user’s knowledge on a clean device; it is impossible to initialize installation of a third-party app without the user’s knowledge on a clean device. These approaches greatly complicate malware writers’ lives: to […] more…

Mobile Devices Used to Execute DNS Malware Against Home Routers

Attacks against home routers have been going around for years—from malware that rigs routers to DNS rebinding attacks and backdoors, among others. Just last year one of our researchers reported a Domain Name System (DNS) changer malware that redirected users to malicious pages when they visited specific websites. This enabled cyber crooks to get hold of the […] more…

Locky: the encryptor taking the world by storm

In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky (detected by Kaspersky Lab products as Trojan-Ransom.Win32.Locky). The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world. Analysis of […] more…
All your creds are belong to us

Download the full report (PDF). With astonishing annual revenues of over a hundred billion dollars, the gaming industry has in the past been compared to Hollywood’s burgeoning business, repeatedly demonstrating the influence behind its ever expanding and loyal fan base. Having an endless list of “big hit” video-games coexisting peacefully with humble but still fun-filled […] more…

Attack on Zygote: a new twist in the evolution of mobile threats
The main danger posed by apps that gain root access to a mobile device without the user’s knowledge is that they can provide access to far more advanced and dangerous malware with highly innovative architecture. We feared that Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. […] more…

Kaspersky Security Bulletin. Spam and phishing in 2015

Download PDF. The year in figures. According to Kaspersky Lab, in 2015:
- The proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014.
- 79% of spam emails were no more than 2 KB in size.
- 15.2% of spam was sent from the US.
- 146,692,256 instances that triggered the […] more…