SparkCat crypto stealer in Google Play and App Store
Kaspersky experts discover iOS and Android apps infected with the SparkCat crypto stealer in Google Play and the App Store. It steals crypto wallet data using an OCR model.
'Vo1d' Trojan Malware Infects 1.3 Million Android-Based TV Boxes Globally
Antivirus firm Dr.Web has flagged a type of Android malware known as Android.Vo1d that has infected about 1.3 million TV boxes across 197 countries. The malware effectively enables a backdoor into the TV box's system that allows an attacker to download and install malicious third-party software. The R4 TV box model running Android 7.1.2, a TV Box running Android 12.1, and the KJ-SMART4KVIP TV box running Android 10.1 were the types of devices reportedly impacted.
HZ Rat backdoor for macOS harvests data from WeChat and DingTalk
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
WordPress Websites Used to Distribute ClearFake Trojan Malware
Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.
Extension Trojan Malware Campaign
Malwares make no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine, that provides enterprise-grade security for all your personal devices.
Leaked LockBit builder in a real-life incident response case | Securelist
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.
A backdoor with a cryptowallet stealer inside cracked macOS software
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Web injections are back on the rise: 40+ banks affected by new malware campaign
DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.
Analysis of a new macOS Trojan-Proxy
A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. Illegally distributed software historically has served as a way to sneak malware onto victims’ devices. Oftentimes, users are not willing to pay for software tools they need, so they go searching the Web for a “free lunch”. They are an excellent target for cybercriminals who realize that an individual looking for a cracked app will be willing to download an installer from a questionable website and disable security on their machine, and so they will be fairly easy to trick into installing malware as well.
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
Malware on the Google Play store leads to harmful phishing sites
A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as different variants of Android/Trojan.HiddenAds. Yet, the developer is still on Google Play dispensing its latest HiddenAds malware.
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.
Two more malicious Python packages in the PyPI
We used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI.