Author Archives: admin

Inside the Kronos malware – part 1

Recently, a researcher nicknamed MalwareTech, famous for stopping the WannaCry ransomware, was arrested for his alleged contribution to creating the Kronos banking malware. We still do not have a clear picture of whether the allegations are true or not – … Continue reading


Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN codes to an encrypter. The authors of its newer … Continue reading


Locky ransomware returns to the game with two new flavors

We recently observed a fresh malicious spam campaign pushed through the Necurs botnet distributing, so far, two new variants of Locky ransomware. In our last Q2 2017 report on tactics and techniques, we mentioned that Locky ransomware had reappeared with … Continue reading


ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF). In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of … Continue reading


IT threat evolution Q2 2017

Targeted attacks and malware campaigns. Back to the future: looking for a link between old and new APTs. This year’s Security Analyst Summit (SAS) included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and … Continue reading


Week in Security (August 7 – August 13)

Last week, we explained how security certificates work and how malware authors have used them to block security software from being downloaded and executed. We also showed how the Magnitude exploit kit is spreading a Cerber ransomware variant that uses … Continue reading


Back to school cybersecurity tips for parents and kids

The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it’s their kid’s first time attending a new school. Ads for back-to-school gear start as … Continue reading


The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that … Continue reading


Cerber ransomware delivered in format of a different order of Magnitude

As a follow-up to our study into the Magnitude exploit kit and its gate (which we profiled in a previous blog post), we take a look at an interesting technique used to distribute the Cerber ransomware. Exploit kits are … Continue reading


APT Trends report Q2 2017

Introduction. Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service … Continue reading
