Recently, the popular CamScanner – Phone PDF creator app caught our attention. After analyzing the app, we saw that the developer added an advertising library to it that contains a malicious dropper component. Read Full Article
DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign
This website for volunteers in Venezuela appeared online on February 6th. Only a few days later, on February 11th, the day after the public announcement of the initiative, another almost identical website appeared with a very similar domain name and structure. Read Full Article
DarkVishnya: Banks attacked through direct connection to local network
In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network. Read Full Article
KoffeyMaker: notebook vs. ATM
Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack. Read Full Article
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware – KeyPass ransomware. According to our information, the malware is propagated by means of fake installers that download the ransomware module. Read Full Article
Roaming Mantis dabbles in mining and phishing multilingually
In May, while monitoring Roaming Mantis, aka MoqHao and XLoader, we observed significant changes in their M.O. The group’s activity expanded geographically and they broadened their attack/evasion methods. Their landing pages and malicious apk files now support 27 languages covering Europe and the Middle East. Read Full Article
Investigation Report for the September 2014 Equation malware detection incident in the US
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee’s home computer system. To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others Read Full Article
Bad Rabbit ransomware
On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine. Read Full Article
New multi platform malware/adware spreading via Facebook Messenger
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. Read Full Article
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware. Read Full Article