Windows malware

This research is a continuation of our annual financial threat reports providing an overview of the latest trends and key events across the financial threat landscape. The study covers the common phishing threats, along with Windows and Android-based financial malware.

Fake ad blocker is delivering a Monero cryptocurrency miner to user computers.

Kaspersky solutions blocked 666,809,967 attacks launched from online resources in various countries across the world, 173,335,902 unique URLs were recognized as malicious by Web Anti-Virus.

MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020.

During the second quarter Kaspersky solutions blocked 899,744,810 attacks launched from online resources across the globe, as many as 286,229,445 unique URLs triggered Web Anti-Virus components.

Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020

Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam by everyday users.

In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit.

Thanks to the coronavirus pandemic, the role of the Internet in our lives has undergone changes, including irreversible ones. We decided to take a closer look at the changes around us through the prism of information security, starting with the video game industry.

Operation AppleJeus, news about Roaming Mantis, watering-hole websites in Asia, virus blast from the past and other targeted attacks and malware campaigns.

Kaspersky solutions blocked 726,536,269 attacks launched from online resources across the globe, a total of 442,039,230 unique URLs were recognized as malicious.

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020.

Methodology Financial cyberthreats are malicious programs that target users of services such as online banking, e-money, and cryptocurrency, or that attempt to gain access to financial organizations and their infrastructure. These threats are usually accompanied by spam and phishing activities, with malicious users creating fake financial-themed pages and emails to steal victims’ credentials. In order

After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom.

We discovered what appears to be one of AZORult’s most unusual campaigns: abusing the ProtonVPN service and dropping malware via fake ProtonVPN installers for Windows.