New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.
We review the new mobile Trojan banker SoumniBot, which exploits bugs in the Android manifest parser to dodge analysis and detection.
https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.
https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.
In this report, we share our latest Android malware findings: the Tambir spyware, Dwphon downloader and Gigabud banking Trojan.
https://securelist.com/crimeware-report-android-malware/112121/
Kaspersky ICS CERT shares industrial threat statistics for H2 2023: most commonly detected malicious objects, threat sources, threat landscape by industry and region.
https://securelist.com/threat-landscape-for-industrial-automation-systems-h2-2023/112153/
In this report, we highlight the key points about a class of recently-patched elevation-of-privilege vulnerabilities affecting Microsoft Windows, and then focus on how to check if any of them ha...
Infected versions of the text editors VNote and Notepad‐‐ for Linux and macOS, apparently loading a backdoor, are being distributed through a Chinese search engine.
In this report, Kaspersky shares statistics on stalkerware detections, as well as insights into the impact of digital stalking in 2023 and the beginning of 2024, and advice for those affected.