Windows malware

We analyze the latest activity by the Cloud Atlas gang. The attacks employ the PowerShower, VBShower and VBCloud modules to download victims’ data with various PowerShell scripts.

Kaspersky experts analyze attacks by C.A.S, a cybergang that uses uncommon remote access Trojans and posts data about victims in public Telegram channels.

Kaspersky experts review dark market trends in 2024, such as popularity of cryptors, loaders and crypto drainers on the dark web, and discuss what to expect in 2025.

While the CrowdStrike incident is still fresh in our minds, Kaspersky experts look back on similar IT outages that happened in 2024 and predict potential threats for 2025.

Kaspersky researchers demonstrate capabilities of hrtng plugin for IDA Pro, share tips on working with IDA and reverse engineer FinSpy malware with these tools.

The “Kaspersky Security Bulletin 2024. Statistics” report contains statistics on cyberthreats for the period from November 2023 through October 2024. It covers such threats as financial malware, ransomware, miners, malware for IoT and macOS, vulnerabilities and others.

Attackers are sending malicious scripts that download the Remote Manipulator System (RMS) build, known as BurnsRAT, and NetSupport RAT

The non-mobile threat report for Q3 2024 contains data on ransomware, miners, and macOS and IoT threats.

In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.

Kaspersky experts describe an Elpaco ransomware sample, a Mimic variant, which abuses the Everything search system for Windows and provides custom features via a GUI.

Kaspersky experts share their insights into cyberthreats that face online shoppers in 2024: phishing, banking trojans, fake shopping apps and Black Friday sales on the dark web data market.

Kaspersky GERT experts have discovered in Colombia new Ymir ransomware, which uses RustyStealer for initial access and the qTox client for communication with its victims.

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns.

Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.

Malicious CAPTCHA distributed through ad networks delivers the Amadey Trojan or the Lumma stealer, which pilfers data from browsers, password managers, and crypto wallets.