Mobile threats

In mid-February 2013 a Kaspersky user from Malaysia asked us to check a Google Play application called My HRMIS & JPA Demo developed by Nur Nazri.

The fifth part of our regular overview of mobile malware evolution was published one year ago, and now it’s time to review the events of 2012 to see just how accurate our forecasts were

We have come across PC malware that infects mobile devices before. However, in this case it’s the other way round: an app that runs on a mobile device (a smartphone) is designed to infect PCs.

Earlier this week, we published our report on “Red October”, a high-level cyber-espionage campaign that during the past five years has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations. In part one, we covered the most important parts of the campaign: the anatomy of the attack, a timeline of the attacker’s operation,

Based on the analysis of known cases, we identified two main ways through which Backdoor.Win32.Sputnik infects the victims

Most of the tasks are provided as one-time PE DLL libraries that are received from the server, executed in memory and then immediately discarded

The packer disrupts basic software breakpoints and some api hooking techniques, because it decrypts the original exe’s section contents onto heaps in-memory

Files with the extension “.bak” are treated differently. They are decrypted using a custom AMPRNG algorithm with a hardcoded key, then decompressed using LZMA

In the Device notification callback function, the module logs each connection and disconnection event. When a device is connected, it starts a new thread that manipulates this device

Here’s a link to the full paper (part 1) about our Red October research. During the next days, we’ll be publishing Part 2, which contains a detailed technical analysis of all the known modules. Please stay tuned. During the past five years, a high-level cyber-espionage campaign has successfully infiltrated computer networks at diplomatic, governmental and

In October 2012, Kaspersky Lab’s Global Research & Analysis Team initiated a new threat research after a series of attacks against computer networks of various international diplomatic service agencies

Before 2012, there were only two instances of cyber weapons being used – Stuxnet and Duqu. However, analysis of these two forced the IT community to dramatically expand the whole concept of what cyber warfare entails

Like many others, I took advantage of Amazon.com’s sale and ordered a Kindle Fire HD last week. When I got around to exploring the Amazon App Store, it didn’t take long before running into malware.

When the mobile version of Carberp Trojan appeared (we detect it as Trojan-Spy.AndroidOS.Citmo, Carberp-in-the-Mobile) Man-in-the-Mobile attacks became real in Russia as well.

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).