Spam and phishing in Q1 2017
Spam: quarterly highlights Spam from the Necurs botnet We wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost ceased […] more…Inside of the WASP’s nest: deep dive into PyPI-hosted malware
Photo by Matheus Queiroz on Unsplash In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […] more…APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…IT threat evolution Q3 2020. Non-mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q3: Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. 456,573,467 unique URLs were recognized as malicious by Web Anti-Virus components. Attempts to run malware […] more…VirusTotal MultiSandbox += Yoroi: Yomi sandbox
We are excited to welcome Yomi: The Malware Hunter from Yoroi to the mutisandbox project. This brings VirusTotal upl to seven integrated sandboxes, in addition to VT’s own sandboxes for Windows, MacOS, and Android. In their own words: Yomi engine implements a multi-analysis approach able to exploit both static analysis and behavioral analysis, providing ad […] more…Confucius Update: New Tools and Techniques, Further Connections with Patchwork
by Daniel Lunghi and Jaromir Horejsi Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia. During the months that followed in which we tracked Confucius’ activities, we found that they […] more…OPC UA security analysis
This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems associated with using such widely available technologies, which turned out to […] more…Staying Anonymous on the Blockchain: Concerns and Techniques
With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In […] more…Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of […] more…Spam and phishing in 2016
The year in figures According to Kaspersky Lab, in 2016: The proportion of spam in email flows was 58.31%, which is 3.03 percentage points more than in 2015. 62.16% of spam emails were no more than 2 KB in size. 12.08% of spam was sent from the US. Trojan.Win32.Bayrob was the most popular malware family […] more…More information
- Washington Post Takes Heat for Snowden Prosecution Call
- CTO Insights: Defending Your Organization From Insider Attacks
- 3.3 million Hello Kitty fans exposed in database leak
- IBM Releases Open Source AI Security Tool
- Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks
- Microsoft boots Chinese firm for leaking Windows exploit
- Google and other OEMs have yet to patch a critical Android security flaw
- CNET website and 1 million passwords compromised by Russian hacker group
- Zero Day Weekly: Target ruled negligent, Microsoft sued, Apple AirDrop flaw
- Apache NiFi Multiple Information Disclosure Vulnerabilities