
Tag: md5

Still Stealing

Two years ago we published a blogpost about a popular malware that was being distributed from the Google Play Store.
In October and November 2017 we found 85 new malicious apps on Google Play that are stealing credentials for VK.com
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee's home computer system.

To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others
The authors of malware use various techniques to circumvent defensive mechanisms and conceal harmful activity. One of them is the practice of hiding malicious code in the context of a trusted process.

Typically, malware that uses concealment techniques injects its code into a system process, e.g. explorer.exe.

But some samples employ other interesting methods. We're going to discuss one such type of malware.
In September 2017, we discovered a new targeted attack on financial institutions.
Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia.

Tales from the blockchain

We will tell you two unusual success stories that happened on the “miner front”.

The first story echoes the TinyNuke event and, in many respects, gives an idea of the situation with miners.

The second one proves that to get crypto-currency, you don't need to “burn” the processor.
Gaza cybergang is an Arabic, politically motivated cybercriminal group that has been operating since 2012 and actively targets the MENA (Middle East North Africa) region.

Gaza cybergang attacks have never slowed down. The group's recent targets do seem varied in nature: the attackers do not appear to be selectively choosing targets, but rather seeking different kinds of MENA intelligence.
In May 2017, Kaspersky Lab researchers discovered a forum post advertising ATM malware that was targeting specific vendor ATMs.

The forum contained a short description of a crimeware kit designed to empty ATMs with the help of a vendor specific API, without interacting with ATM users and their data.

The price of the kit was 5000 USD at the time of research.
On October 10, 2017, Kaspersky Lab's advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers.

The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today.
20 years is a long time on the Internet.
The 2017 VirusBulletin conference is upon us and, as in previous years, we're taking the opportunity to dive into an exciting subject, guided by our experience from doing hands-on APT research.

This year we decided to put our heads together to understand the implications that the esoteric SIGINT practice of fourth-party collection could have on threat intelligence research.
The Facebook malware that spread last week was dissected in a collaboration with Kaspersky Lab and Detectify. We were able to get help from the involved companies and cloud services to quickly shut down parts of the attack to mitigate it as fast as possible.

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.