Russian-speaking cybercrime evolution: What changed from 2016 to 2021
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that […]

This JavaScript DOM course bundle is on sale for just $30 this week
Making a website isn’t as easy as it used to be. Twenty years ago, all you had to know was HTML, and that was probably good enough to get you started as a pro developer. These days, you need to know a little bit more. Actually, a lot more. And that’s why we’re offering The JavaScript […]

Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
By Lorin Wu (Mobile Threats Analyst) We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious […]

APT review: what the world’s threat actors got up to in 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it’s impossible to fully understand the motivation for some attacks or the developments behind them. However, let’s try to […]

IT threat evolution Q3 2019
Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed ‘Operation ViceLeaker’ involving the spread of malicious Android samples via instant messaging. The campaign affected several dozen victims in Israel and Iran. We discovered this activity in […]

Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts
by Llallum Victoria (Threats Analyst) Windows Installer uses Microsoft Software Installation (MSI) package files to install programs. Every package file has a relational-type database that contains instructions and data required to install or remove programs. We recently discovered malicious MSI files that download and execute other files and could bypass traditional security solutions. Malicious actors […]

Kaspersky Security Bulletin: Threat Predictions for 2019
There’s nothing more difficult than predicting. So, instead of gazing into a crystal ball, the idea here is to make educated guesses based on what has happened recently and where we see a trend that might be exploited in the coming months. Asking the most intelligent people I know, and basing our scenario on APT […]

EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner
We’ve uncovered the notorious EITest campaign delivering a JavaScript (JS) cryptocurrency miner (detected by Trend Micro as HKTL_COINMINE) using tech support scams as a social engineering lure. These are fraud activities impersonating legitimate technical support services, conning unwitting victims to avail/pay for these services (or hand out financial data), by scaring them that their machine […]

PUA Operation Spreads Thousands of Explicit Apps in the Wild and on Legitimate App Stores
One of the most popular ways to make money online is through pornography—whether through legitimate distribution or different online scams. Last year we detected a new variant of the Marcher Trojan targeting users through porn sites, and the year before that popular porn apps were used as lures to compromise millions of mobile users in […]

How an Online Prank Had Countless Phones Dialing 911
Remember elementary school, when prank notes left on fellow students’ desks caused uproars of laughter? Those were golden days. Consequences were intangible — coming just from adults to (seemingly) steal the fun. But of course, as we grow older, the first taste of reality is harsh. In recent cybersecurity news, that’s exactly what hit […]

Masque Attack Abuses iOS’s Code Signing to Spoof Apps and Bypass Privacy Protection
First reported in 2014, Masque Attack allowed hackers to replace a genuine app from the App Store with a malformed, enterprise-signed app that had the same Bundle Identifier (Bundle ID). Apple subsequently patched the vulnerabilities (CVE-2015-3772 and CVE-2015-3725), but while it closed a door, scammers seemed to have opened a window. Haima’s repackaged, adware-laden apps […]

New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files
Like a game of cat and mouse, the perpetrators behind the Locky ransomware had updated their arsenal yet again with a new tactic—using Windows Scripting File (WSF) for the arrival method. WSF is a file that allows the combination of multiple scripting languages within a single file. Using WSF makes the detection and analysis of ransomware challenging […]

All your creds are belong to us
Download the full report (PDF) With astonishing annual revenues of over a hundred billion dollars, the gaming industry has in the past been compared to Hollywood’s burgeoning business, repeatedly demonstrating the influence behind its ever expanding and loyal fan base. Having an endless list of “big hit” video-games coexisting peacefully with humble but still fun-filled […]

Simda’s Hide and Seek: Grown-up Games
On 9 April, 2015 Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime […]

CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit […]

More information
- Facebook Paid Out $5 Million in Bug Bounties Since 2011
- 2020 iPhone again rumored to boast rear-facing time of flight 3D sensor
- Chrome plans to save you from sites that mess with your back button
- New XM1RPC SEO Spam and Backdoor Campaign
- SSCC 143 – Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]
- Kicking Off a New School Year with New Online Habits
- Google Chrome Prior to 78.0.3904.70 Multiple Security Vulnerabilities
- Google Patches Serious Account Recovery Vulnerabilities
- Cloudflare Mitigated Record-Setting 17.2 Million RPS DDoS Attack
- XORDDoS, Kaiji DDoS Botnets Target Docker Servers