Securelist - Kaspersky Lab's cyberthreat research and reports

How do file partner programs work?

Aug 2, 2018, 10:00 am

It’s easy to notice if you’ve fallen victim to an advertising partner program: the system has new apps that you didn’t install, ad pages spontaneously open in the browser, ads appear on sites where they never used to, and so on. If you notice these symptoms on your computer, 99% of the time it’s “partner stuff”. Read Full Article

Research

A mining multitool

Jul 26, 2018, 10:00 am

Vladas Bulavas, Anatoly Kazantsev

Recently, an interesting miner implementation appeared on Kaspersky Lab’s radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers. Read Full Article

Research

Calisto Trojan for macOS

Jul 20, 2018, 10:00 am

Mikhail Kuzin, Sergey Zelensky

As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto. Read Full Article

Research

The return of Fantomas, or how we deciphered Cryakl

Jul 17, 2018, 10:00 am

Kaspersky Lab

This spring marked the fourth anniversary of the malware’s first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved. Read Full Article

Opinion

Coinvault, the court case

Jul 12, 2018, 6:00 pm

Jornt van der Wiel

Today, after almost 3 years of waiting, it was finally the day of the trial. In the Netherlands, where the whole case took place, the hearings are open to the public. Meaning anyone who is interested can visit. And it was quite busy. Read Full Article

Spam and phishing

In cryptoland, trust can be costly

Jul 9, 2018, 10:00 am

Nadezhda Demidova

While the legal status of cryptocurrencies and laws to regulate them continue to be hammered out, scammers are busy exploiting the digital gold rush. Besides hacking cryptocurrency exchanges, exploiting smart-contract vulnerabilities, and deploying malicious miners, cybercriminals are also resorting to more traditional social-engineering methods that can reap millions of dollars. Read Full Article

Research

To crypt, or to mine – that is the question

Jul 5, 2018, 10:00 am

Egor Vasilenko, Orkhan Mamedov

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. Now the criminals have decided to add a new feature to their creation – a mining capability. Read Full Article

Research

Delving deep into VBScript

Jul 3, 2018, 1:00 pm

Boris Larin

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Read Full Article

Publications

Ransomware and malicious crypto miners in 2016-2018

Jun 27, 2018, 10:05 am

Kaspersky Lab

This report will examine what is hopefully ransomware’s last breath, in detail, along with the rise of mining. The report covers the period April 2017 to March 2018, and compares it with April 2016 – March 2017. Read Full Article