Windows malware

Mobile espionage targeting the Middle East, new FinSpy iOS and Android implants, Dtrack banking malware and other security news

This report contains the results of the Managed Detection and Response (MDR) service. The MDR service provides managed threat hunting and initial incident response.

Targeted attacks, malware campaigns and other security news in Q2 2019.

Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.

This cybercriminal’s thirst for stolen data is confirmed by the statistics: in the first half of 2019, more than 940,000 users were attacked by malware designed to harvest a variety of data on the computers. The threat’s called “Stealer Trojans” or Password Stealing Ware (PSW), a type of malware designed to steal passwords, files, and other data from victim computers.

When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers.

The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins.

To find out exactly how cybercriminals capitalize on the rise in illegal downloads of TV content, we have researched the landscape of malware threats disguised as new episodes of popular TV shows distributed through torrent websites.

Due to the wide media coverage botnets activities have become largely associated with DDoS attacks. Yet this is merely the tip of the iceberg, and botnets are used widely not only to carry out DDoS attacks, but to steal various user information.

There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that was reported in the wild years ago – the UTF-8 BOM (Byte Order Mark) additional bytes.

In early March 2019, a number of malicious files detected by our products caught the eye. Although similar to AZORult stealer already known to us, unlike the original malware, they were written not in Delphi, but in C++.

Predator is a data stealer developed by Russian-speaking individuals. It’s being sold cheaply on Russian forums and has been detected many times in the wild.

The presented report continues the series of Kaspersky Lab reports that provide an overview of how the financial threat landscape has evolved over the years. It covers the common phishing threats that users encounter, along with Windows-based and Android-based financial malware.

During the year, Kaspersky Lab solutions repelled 1 876 998 691 attacks launched from online resources located all over the world, 554 159 621 unique malicious objects were detected and 21 643 946 unique URLs were recognized as malicious by web antivirus components.

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Q3 figures According to Kaspersky Security Network: Kaspersky Lab solutions blocked 947,027,517 attacks launched from online resources located in 203 countries. 246,695,333 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by