Month: January 2015 | Securelist

Users trust files signed with digital certificates, so cybercriminals are always keen to attach these certificates to their malicious files. This article explores the main threats associated with signed files, and proposes practical ways of minimizing the risks associated with launching them.

Loading...

Authors Categories Tags

Reports

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

January 2015

Why You Shouldn’t Completely Trust Files Signed with Digital Certificates

Comparing the Regin module 50251 and the “Qwerty” keylogger

The Syrian malware part 2: Who is The Joe?

An analysis of Regin’s Hopscotch and Legspin

Windows 10 Preview and Security

Microsoft Security Updates January 2015

Bitcoin value plunges following $5M Bitstamp Heist

The second round of CODE BLUE in Japan

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Reports

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Subscribe to our weekly e-mails