Suspected spear phishing campaign attempting to steal users’ credentials by sending phishing emails masquerading as Google recovery.
On the trail of Stagefright 2
In early October, it was announced that a critical vulnerability had been found in the libutils library. Although exploits for newly discovered vulnerabilities take a while to appear ‘in the wild’, we believe we should be prepared to detect them even if there have been no reports, as yet, of any such exploits being found. Because of this, we decided to do the research and generate a PoC file on our own.
Stealing to the sound of music
The malicious VK Music app not only lets you listen to music but also steals the login details of those using the popular Russian social networking site VKontakte. According to our estimates, the attackers may have stolen the accounts of hundreds of thousands of users.
Microsoft Security Updates October 2015
Microsoft releases six Security Bulletins today, three of them rated “critical” for remote code execution, to fix almost thirty CVE-enumerated vulnerabilities. None of them are known to be publicly exploited, and only a couple are known to be publicly discussed.
I am HDRoot! Part 2
Some time ago, while tracking Winnti group activity, we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems.
The rise of .NET and Powershell malware
The evils of the .NET and PowerShell ecosystems began in quite an innocent manner, gradually evolving into the convoluted cybercrime scene that we’ve come to know nowadays.
APT Research Discourse at Virus Bulletin 2015
Kaspersky Lab researchers presented a closing keynote and three other papers related to targeted attacks and APT research at Virus Bulletin 2015 in Prague.
I am HDRoot! Part 1
The famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. The new threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool.
Point of view: Hacker Halted 2015
The Hacker Halted USA event, organized by the professional organization EC-Council, is held once a year and brings together technical experts in the field of information security as well as a business audience.