Threat Category: Windows malware | Page 8

Kaspersky observes a growth in malvertising activity that exploits Google search ads to promote fake software websites that deliver stealers, such as RedLine and Rhadamantys.

In this report, Kaspersky researchers discuss propagation methods of several ransomware families, and a vulnerable driver abuse case that may become a trend.

Key statistics for 2022: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

PC malware statistics for Q3 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.

In this report, Kaspersky researchers discuss uncommon infection and propagation methods observed in certain crimeware families.

NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

A malicious bundle containing the RedLine stealer and a miner is distributed on YouTube through cheats and cracks ads for popular games.

In this report, we discuss the new multi-platform ransomware RedAlert (aka N13V) and Monster, as well as private 1-day exploits for the CVE-2022-24521 vulnerability.

We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. They were masquerading as one of the most popular open-source packages named “requests“.

Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

ToddyCat APT and WinDealer man-on-the-side attack, Spring4Shell and other vulnerabilities, ransomware trends and our in-depth analysis of the TTPs of the eight most widespread ransomware families.

This week, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”.

This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.

Reports

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Windows malware

Malvertising through search engines

Crimeware trends: self-propagation and driver exploitation

Kaspersky Security Bulletin 2022. Statistics

IT threat evolution in Q3 2022. Non-mobile statistics

DTrack activity targeting Europe and Latin America

Uncommon infection and malware propagation methods

NullMixer: oodles of Trojans in a single dropper

Mass email campaign with a pinch of targeted spam

Self-spreading stealer attacks gamers via YouTube

Ransomware updates & 1-day exploits

Two more malicious Python packages in the PyPI

IT threat evolution in Q2 2022. Non-mobile statistics

IT threat evolution Q2 2022

LofyLife: malicious npm packages steal Discord tokens and bank card data

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Reports

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Subscribe to our weekly e-mails