Potentially Unwanted Applications

This report contains the results of the Managed Detection and Response (MDR) service. The MDR service provides managed threat hunting and initial incident response.

Six months ago, we created a special alert that notifies users about commercial spyware (stalkerware) products installed on their phones. This report examines the use of stalkerware and the number of users affected by this software in the first eight months of 2019.

An extremely dangerous threat is a targeted attack on macOS and iOS users, mainly business users. Several well-known cybercriminal groups are currently working to develop malware for these operating systems.

Spyware might sound like a concept from a Hollywood movie, yet commercial versions of such programs – known in the cybersecurity industry as ‘stalkerware’ – are a daily reality for many people. For the price of just a few dollars, consumer spyware programs allow users to spy on their current or former partners, and even strangers

To find out exactly how cybercriminals capitalize on the rise in illegal downloads of TV content, we have researched the landscape of malware threats disguised as new episodes of popular TV shows distributed through torrent websites.

Cybercriminals are always coming up with new kinds of fraud. In this particular case, they employed a method for delivering malicious content through torrent trackers to install adware on user computers.

Users of mobile devices in 2018 faced what could be the strongest cybercriminal onslaught ever seen. Over the course of the year, we observed both new mobile device infection techniques and a step-up in the use of tried-and-tested distribution schemes (for example, SMS spam).

It’s easy to notice if you’ve fallen victim to an advertising partner program: the system has new apps that you didn’t install, ad pages spontaneously open in the browser, ads appear on sites where they never used to, and so on. If you notice these symptoms on your computer, 99% of the time it’s “partner stuff”.

Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.

It was more than a year ago that we detected the first member of Pbot family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a hidden miner on victim computers.

Last year we published a story revealing the rise of miners across the globe. At the time we had discovered botnets earning millions of USD. We knew this was just the beginning of the story, which turned out to develop rapidly.

Trojan.AndroidOS.Loapi boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.

There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method.

One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on.

Magala falls into the category of Trojan Clickers that imitate a user click on a particular webpage, thus boosting advertisement click counts. It’s worth pointing out that Magala doesn’t actually affect the user, other than consuming some of the infected computer’s resources. The main victims are those paying for the advertising.