Financial threats

Prilex is a Brazilian threat actor focusing on ATM and PoS attacks. In this report, we provide an overview of its PoS malware.

In this report, we analyze malware, potentially unwanted applications and phishing cases related to most popular video games and cheats for these games.

In this report Kaspersky provides incident response statistics for 2021, as well as conclusions based on investigations of the real incidents.

Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.

This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.

This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while the new ones develop.

Kaspersky experts have found a vulnerability in the Yanluowang encryption algorithm and created a free decryptor to help victims of this ransomware with recovering their files.

A new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, but the group is also known as BlackCat. Two recent BlackCat incidents stand out as particularly interesting.

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

This report provides insight into 2021 financial threat trends and statistics, including data on banking malware for Windows and Android, banking, payment system and e-shop phishing, etc.

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.