
Cabir’s first year

Today, Cabir celebrates its first birthday. One year ago, the virus-writing group 29a sent a sample of its latest creation to AV vendors worldwide via Virusbuster, a Spanish virus collector. Kaspersky Lab was the first to detect this proof-of-concept malware, which turned out to be a worm targeting mobile phones running Symbian OS (Series 60) and spreading over Bluetooth.

The source code for the original Cabir appeared on the Net in late December 2004, which led to a number of copycat variants appearing in the wild. Cabir infections have been registered in over 30 countries to date.

In addition, there are now close to 100 malicious programs targeting mobile phones, most of which are Trojans. This underlines two points: mobile operating systems have so far offered little protection against malicious code, and users need to realize that mobile devices are exposed to the same kinds of attack as regular PCs.

So, how soon will it be before the proof-of-concept trickle turns into a flood? It’s difficult to be sure. However, there are two issues to consider. First, experience has shown that malware authors target systems that are commonly used. Ownership of mobile devices hasn’t yet reached critical mass; but when it does, they will prove an irresistible target. Second, it’s clear from developments during the last two years that the computer underground has realized the potential for making money from malicious code in a world where Internet connectivity has become central to business.

Today’s threats are largely geared towards making money illegally: through fraud, unwanted advertising (including spam) and extortion. Since mobile devices offer users the same capabilities as PCs, they also offer the same rewards for the criminal underground.
