Mobile threats

A watering hole was discovered on January 10, 2020 utilizing a full remote iOS exploit chain to deploy a feature-rich implant named LightSpy. The site appears to have been designed to target users in Hong Kong based on the content of the landing page.

The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.

We recently discovered a new strain of Android malware. Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server.

Kaspersky has continued to track the Roaming Mantis campaign. The group’s attack methods have improved and new targets continuously added in order to steal more funds.

In 2019, Kaspersky mobile products and technologies detected 3,503,952 malicious installation packages, 69,777 new mobile banking Trojans and 68,362 new mobile ransomware Trojans.

Cybercriminals use Trojan-Dropper.AndroidOS.Shopper.a to boost certain app’s rating and increase the number of installations and registrations. All this can be used, among other things, to dupe advertisers.

Kaspersky solutions blocked 989,432,403 attacks launched from online resources in 203 countries across the globe; 560,025,316 unique URLs were recognized as malicious by Web Anti-Virus components.

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

Now one can say that only the lazy did not use Hqwar: Kaspersky’s collection of viruses features over 200,000 Trojans packed using Hqwar.

BRATA” is a new Android remote access tool malware family. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to.

Recently, the popular CamScanner – Phone PDF creator app caught our attention. After analyzing the app, we saw that the developer added an advertising library to it that contains a malicious dropper component.

Targeted attacks, malware campaigns and other security news in Q2 2019.

Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.

In the first half of 2019, more than 430,000 unique users were attacked by financial threats – seven percent more than during the same period in 2018. The number of financial attacks was 10,493,792 – 93% more than in the first half of 2018.

Since 2011 Kaspersky has continuously monitored the development of FinSpy and the emergence of new versions in the wild. According to our telemetry, several dozen unique mobile devices have been infected over the past year, with recent activity recorded in Myanmar in June 2019.