Unix and macOS malware

In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.

Kaspersky researchers investigated a number of stealer attacks over the past year, and they are now sharing some details on the new Kral stealer, recent AMOS version and Vidar delivering ACR stealer.

This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.

In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.

Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.

Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources.

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

In this report, we review the most significant malware-related events of Q1 2024: the disclosure of the hardware vulnerability used in Operation Triangulation, a lightweight method to detect iOS malware and DinodasRAT Linux implant.

In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics.

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.

Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine.

We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.

We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities.

In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.