Kaspersky analysis of mobile subscription Trojans Joker (Jocker), MobOk, Vesub and GriftHorse and their activity: technical description and statistics.

Reports

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.

Malware descriptions

Mobile subscription Trojans and their little tricks

A new secret stash for “fileless” malware

How to recover files encrypted by Yanluowang

Emotet modules and recent attacks

Roaming Mantis reaches Europe

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

Trickbot module descriptions

Ransomware in the CIS

FinSpy: unseen findings

QakBot technical analysis

Triada Trojan in WhatsApp mod

Malicious spam campaigns delivering banking Trojans

Black Kingdom ransomware

Gootkit: the cautious Trojan

Evolution of JSWorm ransomware

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Subscribe

Reports

APT trends report Q1 2022

Lazarus Trojanized DeFi app for delivering malware

MoonBounce: the dark side of UEFI firmware

The BlueNoroff cryptocurrency hunt is still on

Subscribe to our weekly e-mails