This website for volunteers in Venezuela appeared online on February 6th. Only a few days later, on February 11th, the day after the public announcement of the initiative, another almost identical website appeared with a very similar domain name and structure.
The Rotexy mobile Trojan – banker and ransomware
On the back of a surge in Trojan activity, we decided to carry out an in-depth analysis and track the evolution of some other popular malware families besides Asacub. One of the most interesting and active specimens to date was a mobile Trojan from the Rotexy family.
Spam and phishing in Q3 2018
In Q3 2018, the average share of spam in global mail traffic rose by 2.88 p.p. to 52.54%, and the Anti-Phishing system prevented more than 137 million redirects to phishing sites, up 30 million against the previous reporting period.
Hey there! How much are you worth?
I decided to investigate the black market and see what kind of information is being sold there. We all know that you can buy drugs, weapons and stolen goods there, but you can also buy online identities. How much do you think your online identity is worth?
Phishing for knowledge
When we talk about phishing, top of mind are fake banking sites, payment systems, as well as mail and other globally popular services. However, cybercriminals have their fingers in far more pies than that. Less obviously, perhaps, students and university faculties are also in the line of fire.
MuddyWater expands operations
MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.
Roaming Mantis, part III
In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. During our research, it became clear that Roaming Mantis has been rather active and has evolved quickly. The group’s malware now supports 27 languages, including multiple countries from Asia and beyond, Europe and the Middle East.
Threats posed by using RATs in ICS
While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RATs) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations.
Loki Bot: On a hunt for corporate passwords
Starting in early July, we have seen malicious spam activity that has targeted corporate mailboxes. Messages discovered so far contain an attachment with an .iso extension, which Kaspersky Lab solutions detect as Loki Bot.
Spam and phishing in Q2 2018
Average spam volume of 49.66% in world mail traffic in this quarter fell 2.16 p.p. in comparison with the previous reporting period, and the Antiphishing system prevented more than 107M attempts to connect users to phishing sites, which is 17M more than in the first quarter of 2018.