Threat Category: Windows malware | Page 15

We have discovered a new Tor-based malware, named “ChewBacca” and detected as “Trojan.Win32.Fsysna.fej”. Adding Tor to malware is not unique to this sample, but it’s still a rare feature.

The more people switch to 64-bit platforms, the more 64-bit malware appears. We have been following this process for several years now.

Last week, Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers.

Yesterday morning we received a sample from Cuba of a malware that looks for the audio and video file extensions after infecting a victim’s machine.

New trick from cybercriminals of Brazil – a suspicious message arrives to the user with a file attached. Inside the RTF file there is a well-known Brazilian Trojan banker belonging to the family Trojan.Win32.ChePro.

Proxy auto-config (PAC) files are a modern resource that exist on all modern browsers.

According to KSN data, Kaspersky Lab products detected and neutralized a total of 983 051 408 threats in the second quarter of 2013.

Recent months have produced little of interest among worms written in Java and script languages such as JavaScript and VBScript.

We know that the family of malware called Trojan.MSIL.Jumcar and Trojan.Win32.Jumcar was developed in Peru with the primary aim of attacking Peruvian users.

According to KSN data, Kaspersky Lab products detected and neutralized 1 345 570 352 threats in Q1 2013.

It has been three years since we published Lock, stock and two smoking Trojans in our blog. The article describes the first piece of malware designed to attack users of online banking software developed by a company called BIFIT.

Don’t believe your eyes but check if you still have your AV solution. Instead of fighting AV detections, cybercriminals from Brazil just replace them with their own fake solutions.

This section of the report forms part of the Kaspersky Security Bulletin 2012 and is based on data obtained and processed using Kaspersky Security Network (KSN).

According to KSN data, Kaspersky Lab products detected and neutralized 1,347,231,728 threats in Q3 2012.

Many things have been told already about the latest Skype malware spread via instant messages. However I just wanted to add something not mentioned yet.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Windows malware

ChewBacca – a New Episode of Tor-based Malware

The Inevitable Move – 64-bit ZeuS Enhanced With Tor

ZeuS – now packed as an antivirus update

Multimedia Overwriter with Spy Features

Brazilian Bankers Gone Wild: Now Using Malicious Office Files

PAC – the Problem Auto Config

IT Threat Evolution: Q2 2013

AutoRun. Reloaded

Jumcar. Peruvian Navy? Who could be behind it? [Third part]

IT Threat Evolution: Q1 2013

Lock, stock and two smoking Trojans-2

Brazilian Masquerade

Kaspersky Security Bulletin 2012. The overall statistics for 2012

IT Threat Evolution: Q3 2012

Hidden Details about the last Skype Spread Malware

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails