Windows malware

While ransomware is a global threat, every now and then we see a variant that targets one specific region. Today we can add a new one to the list: Wildfire.

Brazil is the most infected country worldwide when it comes to banking Trojans, and the quality of the malware is evolving dramatically. Now Brazilian bad guys have made an important addition to their arsenal: the use of PowerShell.

Cybercrime in Brazil has changed drastically in the last few years, as it shifted from simple keyloggers to tailored remote administration tools that can run a complete attack by using the victim machine. As we know, they are in touch with cybercriminals from Eastern Europe, mainly Russians.

This is what we found in a new Brazilian Trojan in the wild: it tries to conceal the malicious files in a PNG image. And the attack starts with a simple phishing PDF.

Steam experiences steady growth in the number of active users registered on the platform. Security research has tragically ignored gaming malware in the mistaken assumption that nothing of any real value is traded there. This blind spot is being abused by cybercriminals to steal money and affect real damage.

We found a new wave of different campaigns spreading the initial “Banloader” components in Jar (Java archive). It’s able to run on Linux, OS X, Windows. It’s also able to run under certain circumstances even on mobile devices.

Recently we came across a new family of cross-platform backdoors for desktop environments. First we got the Linux variant, and with information extracted from its binary, we were able to find the variant for Windows desktops, too. Not only that, but the Windows version was additionally equipped with a valid code signing signature. Let´s have a look at both of them.

In 2015, virus writers demonstrated a particular interest in exploits for Adobe Flash Player. The proportion of relatively simple programs used in mass attacks was growing. Attackers have mastered non-Windows platforms – Android and Linux: almost all types of malicious programs are created and used for these platforms.

In the third quarter of 2015 Kaspersky Lab solutions detected and repelled a total of 235,415,870 malicious attacks from online resources located all over the world. There were 5,686,755 registered notifications about attempted malware infections that aim to steal money via online access to bank accounts.

The evils of the .NET and PowerShell ecosystems began in quite an innocent manner, gradually evolving into the convoluted cybercrime scene that we’ve come to know nowadays.

Due to the high demand for Windows 10, Microsoft is releasing it gradually. This especially applies to certain countries.

Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations’ servers. The malware calls itself Grabit.

Knowing that many are on the lookout for emails from the Internal Revenue Service concerning pending refunds, criminals have crafted some of their own.

It’s getting dark outside and our favorite mail client beeps with excitement for a new missive in our inbox, something interesting perhaps?

In this article we look at the evolution of complication of the encryption schemes used by virus writers and the methods they adopt to put pressure on their victims. At the end of the article there is some advice for users which might help them protect important files.