Unix and macOS malware

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset, we has been tracking deployments of this spyware since 2011. In the report we decided to share some of our unseen findings about the actual state of FinSpy implants.

PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT.

SolarWinds attacks, MS Exchange vulnerabilities, fake adblocker distributing miner, malware for Apple Silicon platform and other threats in Q1 2021.

In Q1 2021, we blocked more than 2 billion attacks launched from online resources across the globe, detected 77.4M unique malicious and potentially unwanted objects, and recognized 614M unique URLs as malicious.

In the EU, 70% of user computers experienced at least one Malware-class attack, 115,452,157 web attacks and 86,584,675 phishing attempts were blocked.

Convuster adware for macOS is written in Rust and able to use Gatekeeper to evade analysis.

As we observe a growing interest in the newly released Apple Silicon platform from malware adversaries, this inevitably leads us to new malware samples compiled for it. In this article, we are going to take a look at threats for Macs with the Apple M1 chip on board.

Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world, 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus.

Kaspersky solutions blocked 1,416,295,227 attacks launched from online resources across the globe. Ransomware attacks were defeated on the computers of 121,579 unique users.

We recently discovered a new file-encrypting Trojan built as an ELF executable and intended to encrypt data on machines controlled by Linux-based operating systems.

During the second quarter Kaspersky solutions blocked 899,744,810 attacks launched from online resources across the globe, as many as 286,229,445 unique URLs triggered Web Anti-Virus components.

The MATA malware framework possesses several components, such as loader, orchestrator and plugins. The framework is able to target Windows, Linux and macOS operating systems.

Operation AppleJeus, news about Roaming Mantis, watering-hole websites in Asia, virus blast from the past and other targeted attacks and malware campaigns.

Kaspersky solutions blocked 726,536,269 attacks launched from online resources across the globe, a total of 442,039,230 unique URLs were recognized as malicious.

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020.