Windows malware

Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.

We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.

Kaspersky GReAT expert takes a closer look at the RevengeHotels threat actor’s new campaign, including AI-generated scripts, targeted phishing, and VenomRAT.

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q2 2025.

We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and the Middle East, and the exploitation of CVE-2025-29824 in 2025.

The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard.

In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.

A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.

Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.

Kaspersky GReAT experts discovered a new malicious implant: BrowserVenom. It enables a proxy in browsers like Chrome and Mozilla and spreads through a DeepSeek-mimicking phishing website.

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

The report presents statistics for Windows, macOS, IoT, and other threats, including ransomware, miners, local and web-based threats, for Q1 2025.

This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.

During incident response activities, our GERT team discovered Lumma Stealer in a customer’s infrastructure. Our experts conducted an investigation and analyzed its distribution scheme in detail.