App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant
By Lilang Wu, Ju Zhu, and Moony Li. We covered iXintpwn/YJSNPI in a previous blog post and looked into how it renders an iOS device unresponsive by overflowing it with icons. This threat comes in the form of an unsigned profile that crashes the standard application that manages the iOS home screen when installed. The […]

GhostClicker Adware is a Phantomlike Android Click Fraud
By Echo Duan and Roland Sun. We’ve uncovered a pervasive auto-clicking adware from as much as 340 apps from Google Play, one of which, named “Aladdin’s Adventure’s World”, was downloaded 5 million times. These adware-embedded applications include recreational games, device performance utilities like cleaners and boosters, and file managers, QR and barcode scanners, multimedia recorders […]

Simda’s Hide and Seek: Grown-up Games
On 9 April, 2015 Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime […]

CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These “quarantined” files are appended by a *.VAULT file extension, an antivirus software service that keeps any deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to […]

A Twitch of Fate: Gamers Shamelessly Wiped Clean
Twitch.tv is a video gaming focused live streaming platform. It has more than 50 million viewers and was acquired by Amazon.com in August for nearly a billion dollars. We recently received a report from a concerned user about malware that is being advertised via Twitch’s chat feature. A Twitch-bot account bombards channels and invites viewers […]

One-Click Fraud Variant on Google Play in Japan Steals User Data
Last week McAfee Labs reported a series of “one-click fraud” malware on Google Play in Japan. We have been monitoring this fraudulent activity and have found more than 120 additional variants on Google Play since the previous report. The malicious developers upload five or six applications per account using three to five accounts every night, […]

Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript plus 20 other security fixes
We’ve known for some time now that Firefox 18 would bring some significant speed improvements to Mozilla’s popular browser, and the final version—released today—made good on that promise officially. In fact, a new JavaScript compiler in the software is delivering performance improvements of up to 25 percent on Web apps and games, Mozilla says. […]

Inside of the WASP’s nest: deep dive into PyPI-hosted malware
In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […]

APT43: An investigation into the North Korean group’s cybercrime operations
Introduction. As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

Cyberthreats to financial organizations in 2022
First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts for 2021 […]

Russian-speaking cybercrime evolution: What changed from 2016 to 2021
Experts at Kaspersky have been investigating various computer incidents on a daily basis for over a decade. Having been in the field for so long, we have witnessed some major changes in the cybercrime world’s modus operandi. This report shares our insights into the Russian-speaking cybercrime world and the changes in how it operates that […]

Great R packages for data import, wrangling, and visualization
The table below shows my favorite go-to R packages for data import, wrangling, visualization and analysis — plus a few miscellaneous tasks tossed in. The package names in the table are clickable if you want more information. To find out more about a package once you’ve installed it, type help(package = "packagename") in your R […]

IT threat evolution Q2 2021
Targeted attacks. The leap of a Cycldek-related threat actor. It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to […]

IT threat evolution in Q2 2021. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures. In Q2 2021, according to data from Kaspersky Security Network: 14,465,672 malware, adware and riskware attacks were prevented. The largest share of all detected threats accrued to RiskTool programs — 38.48%. 886,105 malicious installation […]

Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of digital […]

Spam and phishing in 2020
Figures of the year. In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 p.p. from 2019. Most spam (21.27%) originated in Russia. Kaspersky solutions detected a total of 184,435,643 malicious attachments. The email antivirus was triggered most frequently by email messages containing members of the Trojan.Win32.Agentb malware family. The […]

More information
- Advisory – Dangerous "nonce" leak in UpdraftPlus
- Kim Dotcom mounts freedom campaign
- Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
- Google publishes third Windows 0-day vulnerability in a month
- Traditional Industries Increasingly Turn to Bug Bounty Programs
- Siemens Patches Flaws in Building Automation Controllers
- Malware linked to Chinese hackers aims at Japanese government
- IT leg-breakers: Exacting (small-scale) revenge in the digital age
- Google Introduces New Open-Source Data Privacy Protocol
- Ursnif Banking Trojan Gets Mouse-Based Anti-Sandboxing