Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. Read Full Article
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Read Full Article
Hiding in plain sight: PhantomLance walks into a market
In July 2019, a sophisticated backdoor trojan in Google Play was reported. We conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back to December 2015. Read Full Article
Loncom packer: from backdoors to Cobalt Strike
After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. Read Full Article
Holy water: ongoing targeted water-holing attack in Asia
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. Read Full Article
iOS exploit chain deploys LightSpy feature-rich malware
A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page. Read Full Article
Mokes and Buerak distributed under the guise of security certificates
We recently discovered a new approach to the well-known distributing malware technique: visitors to infected sites were informed that some kind of security certificate had expired. Read Full Article
OilRig’s Poison Frog – old samples, same trick
After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Read Full Article
Titanium: the Platinum group strikes again
Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium. Read Full Article
IoT: a malware story
Since 2008, cyber-criminals have been creating malware to attack IoT-devices. How do we deal with that? The best option for tracking attacks, catching malware and getting an overview of attacks in this area is to use honeypots. Read Full Article