no-image

Every little bitcoin helps

It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail. Read Full Article

no-image

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. Read Full Article

no-image

Happy IR in the New Year!

In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. It’s holiday season and it is our pleasure to share this script with you. Read Full Article

no-image

Travle aka PYLOT backdoor hits Russian-speaking targets

At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle. Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware. Read Full Article

no-image

Jack of all trades

Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more. Read Full Article

no-image

Kaspersky Security Bulletin. Overall statistics for 2017

In 2017, Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects (scripts, exploits, executable files, etc.) and 199 455 606 unique URLs were recognized as malicious by web antivirus components. Kaspersky Lab solutions detected and repelled 1 188 728 338 malicious attacks launched from online resources located in 206 countries all over the world. Read Full Article