Solutions for:

Home Products
Small Business 1-50 employees
Medium Business 51-999 employees
Enterprise 1000+ employees

by Kaspersky

CompanyAccount
Get In Touch
Dark mode off
English

Solutions
Industries
- - Other Industries
  - Telecom Cybersecurity
  - View all
Products
Services
- - Other Services
  - Kaspersky Professional Services
  - Kaspersky Incident Response
  - Kaspersky Cybersecurity Training
  - View All
Resource Center
About Us
GDPR

Dark mode off
Securelist menu
English
- Russian
- Spanish
- Brazil
Existing Customers
- Personal
- Business
Home
- Products
- Trials&Update
- Resource Center
Business
- Kaspersky Next
- Small Business (1-50 employees)
- Medium Business (51-999 employees)
- Enterprise (1000+ employees)
Securelist
Threats
- Financial threats
- Mobile threats
- Web threats
- Secure environment (IoT)
- Vulnerabilities and exploits
- Spam and Phishing
- Industrial threats
Categories
- APT reports
- Incidents
- Research
- Malware reports
- Spam and phishing reports
- Publications
- Kaspersky Security Bulletin
Archive
All Tags
APT Logbook
Webinars
Statistics
Encyclopedia
Threats descriptions
KSB 2021
About Us
- Company
- Transparency
- Corporate News
- Press Center
- Careers
- Sponsorships
- Policy Blog
- Contacts
Partners
- Find a Partner
- Partner Program

Content menu Close Malware descriptions

by Kaspersky

Dark mode off

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats

Malware descriptions

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.

Sergey Puzan

JanelaRAT: a financial threat targeting users in Latin America

GReAT

The long road to your crypto: ClipBanker and its marathon infection chain

Oleg Kupreev

A laughing RAT: CrystalX combines spyware, stealer, and prankware features

GReAT

Coruna: the framework used in Operation Triangulation

Boris Larin

The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico

Domenico Caldarella
Mateus Salgado

Free real estate: GoPix, the banking Trojan living off your memory

GReAT

BeatBanker: A dual‑mode Android Trojan

GReAT

Arkanix Stealer: a C++ & Python infostealer

Kirill Korchemny
Omar Amin

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

Dmitry Kalinin

The game is over: when “free” comes at too high a price. What we know about RenEngine

Denis Brylev
Pavel Sinenko
Maxim Starodubov
Artem Ushkov

From cheats to exploits: Webrat spreading via GitHub

Maxim Starodubov

Cloud Atlas activity in the first half of 2025: what changed

Kaspersky

Frogblight threatens you with a court case: a new Android banker targets Turkish users

Georgy Bubenok

Blockchain and Node.js abused by Tsundere: an emerging botnet

Lisandro Ubiedo

Malware descriptions

GReAT research
Vulnerability reports
SOC, TI and IR posts
Malware descriptions
Industrial threats
Malware reports
Crimeware reports
APT reports
SAS
Spam and phishing reports
Spam and phishing
Incidents
Research
Security technologies
Kaspersky Security Bulletin
Publications
Software
DDoS reports
Internal threats reports
Archive

Hot Topics

Keyloggers: How they work and how to detect them (Part 1)

Nikolay Grebennikov

Scammers’ delivery service: exclusively dangerous

Tatyana Shcherbakova

RansomEXX Trojan attacks Linux systems

Fedor Sinitsyn
Vladimir Kuskov

Reports

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Evasive Panda APT poisons DNS requests to deliver MgBot

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Subscribe to our weekly e-mails

The hottest research right in your inbox

Email(Required)

(Required)

I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats