Threat Category: Financial threats | Page 2

As Anti-Ransomware Day approaches, Kaspersky shares insights into the ransomware threat landscape and trends in 2023, and recent anti-ransomware activities by governments and law enforcement.

In this report, we share our insights into the 2023 trends and statistics on financial threats, such as phishing, PC and mobile banking malware.

We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.

We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.

An overview of last year’s predictions for corporate and dark web threats and our predictions for 2024.

Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

Kaspersky assesses last year’s predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024.

In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan.

The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident.

The smartphone malware statistics for Q2 2023 includes data for Android malware, adware, banking Trojans and ransomware.

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.

In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds.

What Malware-as-a-Service includes, on what terms cybercriminals offer it, and what malware they most often distribute under this model

Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT.

Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Financial threats

State of ransomware in 2024

Financial cyberthreats in 2023

SoumniBot: the new Android banker’s unique techniques

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

Dark web threats and dark market predictions for 2024

Kaspersky Security Bulletin 2023. Statistics

Crimeware and financial cyberthreats in 2024

A cryptor, a stealer and a banking trojan

From Caribbean shores to your devices: analyzing Cuba ransomware

IT threat evolution in Q2 2023. Mobile statistics

IT threat evolution in Q2 2023

Lockbit leak, research opportunities on tools leaked from TAs

Understanding Malware-as-a-Service

Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

IT threat evolution Q1 2023

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails