Securelist - Kaspersky Lab's cyberthreat research and reports

Calisto Trojan for macOS

Jul 20, 2018, 10:00 am

As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto. Read Full Article

Research

The return of Fantomas, or how we deciphered Cryakl

Jul 17, 2018, 10:00 am

Kaspersky Lab

This spring marked the fourth anniversary of the malware’s first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved. Read Full Article

Opinion

Coinvault, the court case

Jul 12, 2018, 6:00 pm

Jornt van der Wiel

Today, after almost 3 years of waiting, it was finally the day of the trial. In the Netherlands, where the whole case took place, the hearings are open to the public. Meaning anyone who is interested can visit. And it was quite busy. Read Full Article

Research

Delving deep into VBScript

Jul 3, 2018, 1:00 pm

Boris Larin

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Read Full Article

Research

Pbot: evolving adware

Jun 26, 2018, 10:00 am

Anton V. Ivanov

It was more than a year ago that we detected the first member of Pbot family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a hidden miner on victim computers. Read Full Article

Software

Modern OSs for embedded systems

Jun 20, 2018, 10:00 am

Alexander Shadrin, Andrey Nikishin

At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems (or, in other words, the internet of things). Our primary interest is how and to what degree these OSs can solve cybersecurity-related issues. Read Full Article

APT reports

Olympic Destroyer is still alive

Jun 19, 2018, 10:00 am

GReAT

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets. Read Full Article

APT reports

LuckyMouse hits national data center to organize country-level waterholing campaign

Jun 13, 2018, 10:00 am

Denis Legezo

In March 2018 we detected an ongoing campaign targeting a national data center in the Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government resources at one fell swoop. Read Full Article

Research

A MitM extension for Chrome

Jun 6, 2018, 10:00 am

Vyacheslav Bogdanov

Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable extensions, including those that bombard us with advertising or collect information about our activities. These pale into insignificance, however, when compared to extensions whose main aim is to steal money. Read Full Article