Solutions for:

Home Products
Small Business 1-50 employees
Medium Business 51-999 employees
Enterprise 1000+ employees

by Kaspersky

CompanyAccount
Get In Touch
Dark mode off
English

Solutions
Industries
- - Other Industries
  - Telecom Cybersecurity
  - View all
Products
Services
- - Other Services
  - Kaspersky Professional Services
  - Kaspersky Incident Response
  - Kaspersky Cybersecurity Training
  - View All
Resource Center
About Us
GDPR

Dark mode off
Securelist menu
English
- Russian
- Spanish
- Brazil
Existing Customers
- Personal
- Business
Home
- Products
- Trials&Update
- Resource Center
Business
- Kaspersky Next
- Small Business (1-50 employees)
- Medium Business (51-999 employees)
- Enterprise (1000+ employees)
Securelist
Threats
- Financial threats
- Mobile threats
- Web threats
- Secure environment (IoT)
- Vulnerabilities and exploits
- Spam and Phishing
- Industrial threats
Categories
- APT reports
- Incidents
- Research
- Malware reports
- Spam and phishing reports
- Publications
- Kaspersky Security Bulletin
Archive
All Tags
APT Logbook
Webinars
Statistics
Encyclopedia
Threats descriptions
KSB 2021
About Us
- Company
- Transparency
- Corporate News
- Press Center
- Careers
- Sponsorships
- Policy Blog
- Contacts
Partners
- Find a Partner
- Partner Program

Content menu Close Malware descriptions

by Kaspersky

Dark mode off

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats

Malware descriptions

From cheats to exploits: Webrat spreading via GitHub

We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.

Maxim Starodubov

Cloud Atlas activity in the first half of 2025: what changed

Kaspersky

Frogblight threatens you with a court case: a new Android banker targets Turkish users

Georgy Bubenok

Blockchain and Node.js abused by Tsundere: an emerging botnet

Lisandro Ubiedo

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations

Georgy Kucherin
Saurabh Sharma
Vasily Berdnikov

Post-exploitation framework now also delivered via npm

Vladimir Gursky
Artem Ushkov

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

GReAT

Massive npm infection: the Shai-Hulud worm and patient zero

Vladimir Gursky
Dmitry Vinogradov

Scammers mass-mailing the Efimer Trojan to steal crypto

Artem Ushkov
Vladimir Gursky

Driver of destruction: How a legitimate driver is being used to take down AV processes

Cristian Souza
Ashley Muñoz
Eduardo Ovalle
Francesco Figurelli
Anderson Leite

Batavia spyware steals data from Russian organizations

Kaspersky

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

Sergey Puzan
Dmitry Kalinin

Triada strikes back

Dmitry Kalinin

Lumma Stealer – Tracking distribution channels

Elsayed Elrefaei
Ahmed Daif
Mohamed Ghobashy

Attackers distributing a miner and the ClipBanker Trojan via SourceForge

Malware descriptions

Industrial threats
GReAT research
Vulnerability reports
Crimeware reports
SOC, TI and IR posts
Malware descriptions
Malware reports
Spam and phishing reports
Archive
Security technologies
Spam and phishing
DDoS reports
Incidents
APT reports
SAS
Kaspersky Security Bulletin
Internal threats reports
Publications
Software
Opinion

Hot Topics

Keyloggers: How they work and how to detect them (Part 1)

Nikolay Grebennikov

Scammers’ delivery service: exclusively dangerous

Tatyana Shcherbakova

RansomEXX Trojan attacks Linux systems

Fedor Sinitsyn
Vladimir Kuskov

Reports

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Evasive Panda APT poisons DNS requests to deliver MgBot

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Cloud Atlas activity in the first half of 2025: what changed

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Subscribe to our weekly e-mails

The hottest research right in your inbox

Email(Required)

(Required)

I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.

Threats

APT (Targeted attacks)
Secure environment (IoT)
Mobile threats
Financial threats
Spam and phishing
Industrial threats
Web threats
Vulnerabilities and exploits
All threats