Financial threats

Malware descriptions

Shade: not by encryption alone

We recently found that a new logic in the latest version of the Shade encryptor currently being spread widely within the territories of Russia and CIS. On the basis of this logic, the ransomware checks the computer for any involvement in accounting activities and, if the check is successful, installs remote control tools into the compromised system instead of encrypting the victim’s files.

Incidents

Lurk: a danger where you least expect it

While we were researching the malicious program Lurk in early February 2016, we discovered an interesting oddity in how this banking Trojan spreads. From the data we had, it emerged that the users attacked by Lurk also installed the remote administration software Ammyy Admin on their computers.

Malware reports

KSN Report: Mobile ransomware in 2014-2016

The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous?

Malware reports

KSN Report: PC ransomware in 2014-2016

The number of users attacked with ransomware is huge. But how big is it? Ransomware seems to be a global threat. But maybe there are regions at a higher risk of danger? There seem to be a lot of ransomware malware groups. But what are the most widespread and dangerous?

Research

xDedic – the shady world of hacked servers for sale

Over the last two years, deep in the slums of the Internet, a different kind of underground market has flourished. The short, cryptic name perhaps doesn’t say much about it: xDedic. However, on this obscure marketplace anyone can purchase more than 70,000 hacked servers from all around the Internet.

Research

ATM infector

In 2009, instead of infecting the computers of users worldwide, criminals went directly after the ATM itself – infecting it with malware called Skimer. Seven years later, our experts discovered a new, improved, version of Skimer.

Malware descriptions

Locky: the encryptor taking the world by storm

In February 2016, the Internet was shaken by an epidemic caused by the new ransomware Trojan Locky. The Trojan has been actively propagating up to the present day. Kaspersky Lab products have reported attempts to infect users with the Trojan in 114 countries around the world. Analysis of the samples has shown that this Trojan is a brand new ransomware threat, written from scratch.

Publications

The evolution of Brazilian Malware

Cybercrime in Brazil has changed drastically in the last few years, as it shifted from simple keyloggers to tailored remote administration tools that can run a complete attack by using the victim machine. As we know, they are in touch with cybercriminals from Eastern Europe, mainly Russians.

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox