Windows malware

Incidents

Koobface on the rise

In June, we saw an explosive rise in the number of Koobface modifications – the number of variants we detected jumped from 324 at the end of May to nearly 1000 by the end of June.

Research

Bot-watching 2

We just described what happens on Kido controlled machines when the spambot Iksmas is installed and launched. However, Kido is also downloading a fake antivirus named SpywareProtect2009.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.