Windows malware

While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky expert discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.

The TookPS malicious downloader is distributed under the guise of DeepSeek, and further mimics UltraViewer, AutoCAD, SketchUp, Ableton, and other popular tools.

Kaspersky experts describe a new wave of attacks distributing the DCRat backdoor through YouTube under the guise of game cheats.

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites.

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool.

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved.

Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft.

Kaspersky GReAT experts have discovered a new campaign distributing the XMRig cryptominer through popular games such as BeamNG.drive and Dyson Sphere Program on torrent trackers.

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.

We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims’ data with various PowerShell scripts.

Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels.

Kaspersky experts review dark market trends in 2024, such as popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025.

While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025.

Kaspersky researchers demonstrate capabilities of hrtng plugin for IDA Pro, share tips on working with IDA and reverse engineer FinSpy malware with these tools.