Threat Category: Windows malware | Page 2

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys.

In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.

Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

PC malware statistics for Q3 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.

In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families.

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.

In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability.

We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. They were masquerading as one of the most popular open-source packages named “requests“.

Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”.

This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.

Reports

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Windows malware

Malvertising through search engines

Crimeware trends: self-propagation and driver exploitation

Kaspersky Security Bulletin 2022. Statistics

IT threat evolution in Q3 2022. Non-mobile statistics

DTrack activity targeting Europe and Latin America

Uncommon infection and malware propagation methods

NullMixer: oodles of Trojans in a single dropper

Mass email campaign with a pinch of targeted spam

Self-spreading stealer attacks gamers via YouTube

Ransomware updates & 1-day exploits

Two more malicious Python packages in the PyPI

IT threat evolution in Q2 2022. Non-mobile statistics

IT threat evolution Q2 2022

LofyLife: malicious npm packages steal Discord tokens and bank card data

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Reports

Focus on DroxiDat/SystemBC

APT trends report Q2 2023

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

Subscribe to our weekly e-mails