Exploit This

Security News, Exploits, and Vulnerabilities.

New trends in the world of IoT threats

Cybercriminals’ interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn’t bode well for the years ahead.

What are botnets downloading?

Every day we intercept numerous file-download commands sent to bots of various types and families. Here we present the results of our botnet activity analysis for H2 2017 and H1 2018.

BusyGasper – the unfriendly spy

In early 2018 we found a suspicious Android sample that, as it turned out, belonged to an unknown spyware family. Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat.

The rise of mobile banker Asacub

We encountered the Trojan-Banker.AndroidOS.Asacub family for the first time in 2015. The Trojan has evolved since then, aided by a large-scale distribution campaign by its creators (in spring-summer 2017), helping Asacub to claim top spots in last year’s ranking by number of attacks among mobile banking Trojans.

How do file partner programs work?

It’s easy to notice if you’ve fallen victim to an advertising partner program: the system has new apps that you didn’t install, ad pages spontaneously open in the browser, ads appear on sites where they never used to, and so on. If you notice these symptoms on your computer, 99% of the time it’s “partner stuff”.

A mining multitool

Recently, an interesting miner implementation appeared on Kaspersky Lab’s radar. The malware, which we dubbed PowerGhost, is capable of stealthily establishing itself in a system and spreading across large corporate networks infecting both workstations and servers.

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. But information security specialists have started raising some pertinent questions: how are the users of these services protected and what potential risks do they face in the event of unauthorized access to their accounts?

Calisto Trojan for macOS

As researchers we interesting in developmental prototypes of malware that have had limited distribution or not even occurred in the wild. We recently came across one such sample: a macOS backdoor that we named Calisto.

The return of Fantomas, or how we deciphered Cryakl

This spring marked the fourth anniversary of the malware’s first attacks. Against the backdrop of a general decline in ransomware activity (see our report), we decided to return to the topic of Cryakl and tell in detail about how one of the most eye-catching members of this endangered species evolved.

To crypt, or to mine – that is the question

Way back in 2013 our malware analysts spotted the first malicious samples related to the Trojan-Ransom.Win32.Rakhni family. That was the starting point for this long-lived Trojan family, which is still functioning to this day. Now the criminals have decided to add a new feature to their creation – a mining capability.

%d bloggers like this: