New zero-day vulnerability CVE-2019-0859 in win32k.sys

In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us…

New zero-day vulnerability CVE-2019-0859 in win32k.sys

In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us…

Large-scale SIM swap fraud

Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an…

Project TajMahal – a sophisticated new APT framework

Executive summary ‘TajMahal’ is a previously unknown and technically sophisticated APT framework discovered by Kaspersky Lab in the autumn of 2018. This full-blown spying framework consists of two packages named…

Digital Doppelgangers

Carding exists for over 20 years. And it is not dead yet. It is alive, and even more – it is being actively developed by cybercriminals. The “good” old method…

BasBanke: Trend-setting Brazilian banking Trojan

BasBanke is a new Android malware family targeting Brazilian users. It is a banking Trojan built to steal financial data such as credentials and credit/debit card numbers, but not limited…

Roaming Mantis, part IV

One year has passed since we published the first blogpost about the Roaming Mantis campaign on securelist.com, and this February we detected new activities by the group. This blogpost is…

Game of Threats

Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it –…

Bots and botnets in 2018

Due to the wide media coverage of incidents involving Mirai and other specialized botnets, their activities have become largely associated with DDoS attacks. Yet this is merely the tip of…

The return of the BOM

There’s nothing new in Brazilian cybercriminals trying out new ways to stay under the radar. It’s just that this time around the bad guys have started using a method that…

Threat Landscape for Industrial Automation Systems in H2 2018

H2 2018 in figures All statistical data used in this report was collected using the Kaspersky Security Network (KSN), a distributed antivirus network. The data was received from those KSN…

Cryptocurrency businesses still being targeted by Lazarus

It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus,…

Operation ShadowHammer

Earlier today, Motherboard published a story by Kim Zetter on Operation ShadowHammer, a newly discovered supply chain attack that leveraged ASUS Live Update software. While the investigation is still in…

AZORult++: Rewriting history

The AZORult Trojan is one of the most commonly bought and sold stealers in Russian forums. Despite the relatively high price tag ($100), buyers like AZORult for its broad functionality…

Hacking microcontroller firmware through a USB

In this article, I want to demonstrate extracting the firmware from a secure USB device running on the Cortex M0. Who hacks video game consoles? The manufacture of counterfeit and…

The fourth horseman: CVE-2019-0797 vulnerability

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us…

Spam and phishing in 2018

Numbers of the year The share of spam in mail traffic was 52.48%, which is 4.15 p.p. less than in 2017. The biggest source of spam this year was China…

A predatory tale: Who’s afraid of the thief?

In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin…

Financial Cyberthreats in 2018

Introduction and Key Findings The world of finance has been a great source of income cybercriminals across the world due to an obvious reason – money. While governments and organizations…

Pirate matryoshka

The use of torrent trackers to spread malware is a well-known practice; cybercriminals disguise it as popular software, computer games, media files, and other sought-after content. We detected one such…