QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters...
Uncommon infection methods—part 2
Introduction
Although ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including...
Following the Lazarus group by tracking DeathNote campaign
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus...
Nokoyawa ransomware attacks with Windows zero-day
In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North...
Overview of Google Play threats sold on the dark web
In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app...
The Telegram phishing market
Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging app’s handy features — cybercrooks have already...
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing...
Selecting the right MSSP: Guidelines for making an objective decision
Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market,...
Financial cyberthreats in 2022
Financial gain remains the key driver of cybercriminal activity. In the past year, we’ve seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware...
Copy-paste heist or clipboard-injector attacks on cryptousers
It is often the case that something new is just a reincarnation of something old. We have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting...
- Advertisement -
APLICATIONS
Researchers Find BlackEnergy APT Links in ExPetr Code
Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks.
Source: Threadpost
