A King’s Ransom It is Not

The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves “The ShadowBrokers”. These WannaCry and ExPetr…

The NukeBot banking Trojan: from rough drafts to real threats

This spring, the author of the NukeBot banking Trojan published the source code of his creation. He most probably did so to restore his reputation on a number of hacker…

No Free Pass for ExPetr

Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won’t write the special malicious code which encrypts the MFT to MBR. Some have…

The Magala Trojan Clicker: A Hidden Advertising Threat

One large group will slowly conquer another large group, reduce its numbers, and thus lessen its chance of further variation and improvement. <…> Small and broken groups and sub-groups will…

Bitscout – The Free Remote Digital Forensics Tool Builder

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new…

In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine

While the (cyber-)world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far,…

From BlackEnergy to ExPetr

Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak – you can read our findings here: Schroedinger’s Pet(ya) and ExPetr is a wiper, not ransomware. As in the case of WannaCry,…

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment…

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were…

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst…

KSN Report: Ransomware in 2016-2017

This report has been prepared using depersonalized data processed by Kaspersky Security Network (KSN). The metrics are based on the number of distinct users of Kaspersky Lab products with the…

Ztorg: from rooting to SMS

I’ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps. All of them were rooting malware that…

Honeypots and the Internet of Things

There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or ‘smart’ devices. They included, among others, the record-breaking DDoS attacks against…

Nigerian phishing: Industrial companies under attack

In late 2016, the Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) reported on phishing attacks that were primarily targeting industrial companies from the metallurgy,…

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the…

SambaCry is coming

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). This…

Dvmap: the first Android malware with code injection

In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system,…

50 hashes per hour

How often do you turn off your computer when you go home from work? We bet you leave it on so you don’t have to wait until it boots up…

Feds Charge NSA Contractor Accused of Exposing Russian Hacking

The arrest of an alleged source of a classified leak to the Intercept offers a lesson in the risks of spilling secrets.

Hack Brief: Dangerous ‘Fireball’ Adware Infects a Quarter Billion PCs

A widespread adware infection hides the ability to inflict far worse than spammy browser tweaks.