Distribution of malicious JAR appended to MSI files signed by third parties
Microsoft Windows keeps the Authenticode signature valid after appending any content to the end of Windows Installer (.MSI) files signed by any software developer. This behaviour can be exploited by attackers to bypass some security solutions that rely on Microsoft Windows code signing to decide if files are trusted. The scenario is especially dangerous when […] more…IT threat evolution Q3 2021
IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […] more…IT threat evolution Q3 2020. Non-mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures According to Kaspersky Security Network, in Q3: Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. 456,573,467 unique URLs were recognized as malicious by Web Anti-Virus components. Attempts to run malware […] more…Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
By Jaromir Horejsi and Joseph C. Chen (Threat Researchers) We recently discovered a new campaign that we dubbed “Operation Overtrap” for the numerous ways it can infect or trap victims with its payload. The campaign mainly targets online users of various Japanese banks by stealing their banking credentials using a three-pronged attack. Based on our […] more…Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in a research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova from the Stratosphere Laboratory. They detected the trojan by monitoring HtBot malicious proxy network. The botnet targets Russian banks, with the victim count at over 800,000 users at the time the study was published in […] more…TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
By Hara Hiroaki, Jaromir Horejsi, and Loseway Lu (Threats Analysts) TA505 continues to show that as a cybercriminal group, they intend to wreak as much havoc while maximizing potential profits. Given the group’s active campaigns since our updates in June and July, we continued following their latest campaigns. Just like in previous operations, they continue […] more…AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
By David Fiser, Jakub Urbanec and Jaromir Horejsi Misconfiguration is not novel. However, cybercriminals still find that it is an effective way to get their hands on organizations’ computing resources to use for malicious purposes and it remains a top security concern. In this blog post, we will detail an attack type where an API […] more…VirusTotal MultiSandbox += Yoroi: Yomi sandbox
We are excited to welcome Yomi: The Malware Hunter from Yoroi to the mutisandbox project. This brings VirusTotal upl to seven integrated sandboxes, in addition to VT’s own sandboxes for Windows, MacOS, and Android. In their own words: Yomi engine implements a multi-analysis approach able to exploit both static analysis and behavioral analysis, providing ad […] more…Confucius Update: New Tools and Techniques, Further Connections with Patchwork
by Daniel Lunghi and Jaromir Horejsi Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia. During the months that followed in which we tracked Confucius’ activities, we found that they […] more…OPC UA security analysis
This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems associated with using such widely available technologies, which turned out to […] more…Staying Anonymous on the Blockchain: Concerns and Techniques
With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In […] more…Ztorg: money for infecting your smartphone
This research started when we discovered an infected Pokémon GO guide in Google Play. It was there for several weeks and was downloaded more than 500,000 times. We detected the malware as Trojan.AndroidOS.Ztorg.ad. After some searching, I found some other similar infected apps that were being distributed from the Google Play Store. The first of […] more…Spam and phishing in Q1 2017
Spam: quarterly highlights Spam from the Necurs botnet We wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost ceased […] more…Spam and phishing in 2016
The year in figures According to Kaspersky Lab, in 2016: The proportion of spam in email flows was 58.31%, which is 3.03 percentage points more than in 2015. 62.16% of spam emails were no more than 2 KB in size. 12.08% of spam was sent from the US. Trojan.Win32.Bayrob was the most popular malware family […] more…Spam and phishing in Q1 2016
Spam: features of the quarter Trending: dramatic increase in volume of malicious spam The first quarter of 2016 saw a dramatic increase in the number of unsolicited emails containing malicious attachments. Over the last two years the number of email antivirus detections on computers with a Kaspersky Lab product installed fluctuated between 3 and 6 […] more…Attack on Zygote: a new twist in the evolution of mobile threats
The main danger posed by apps that gain root access to a mobile device without the user’s knowledge is that they can provide access to far more advanced and dangerous malware with highly innovative architecture. We feared that Trojans obtaining unauthorized superuser privileges to install legitimate apps and display advertising would eventually start installing malware. […] more…More information
- How a Cell Phone Busted a Hacker
- Coolest jobs in tech: Hackers for hire
- Microsoft Team Foundation Server CVE-2019-0777 Cross Site Scripting Vulnerability
- Apple goes server-side to fix Siri lock screen bypass security flaw
- USB Drives Deliver Dangerous Malware to Industrial Facilities: Honeywell
- Resolved: Email Service Degradation
- Cryptojacking is almost conquered – crushed along with coinhive.com
- Resolved: Electrical outages at University Park
- With a .design domain from Porkbun, you can build the online portfolio of your dreams
- Researchers develop data bus for quantum computer