Mobile threats

Files with the extension “.bak” are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA

In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device

Here’s a link to the full paper (part 1) about our Red October research. During the next days, we’ll be publishing Part 2, which contains a detailed technical analysis of all the known modules. Please stay tuned. During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies

Before 2012, there were only two instances of cyber weapons being used – Stuxnet and Duqu. However, analysis of these two forced the IT community to dramatically expand the whole concept of what cyber warfare entails

Like many others, I took advantage of Amazon.com’s sale and ordered a Kindle Fire HD last week. When I got around to exploring the Amazon App Store, it didn’t take long before running into malware.

When the mobile version of Carberp Trojan appeared (we detect it as Trojan-Spy.AndroidOS.Citmo, Carberp-in-the-Mobile) Man-in-the-Mobile attacks became real in Russia as well.

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity.

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

According to KSN data, Kaspersky Lab products detected and neutralized over 1 billion threats in Q2 2012.

We’ve got 5 new files of ZitMo: 4 for Blackberry and 1 for Android.

A new family of SMS Trojans named Vidro appeared a few days ago but we’ve already collected a lot of APK files with very similar functionality. At the moment all the samples we have found target users only from Poland.

Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan-Spy that uploads a user’s phonebook to remote server. The “replication” part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.

On the 4th of June 2012 we found 3 APK files heuristically detected by our engine as HEUR:Trojan-Spy.AndroidOS.Zitmo.a. All these applications are malicious and were created to steal incoming SMS messages from infected devices.