Corporate News

Cybercriminals continuously develop their skills and tools, looking for new ways to compromise individuals and companies. Kaspersky has explored uncommon infection methods used by attackers in its recent Securelist blogpost. Alongside other discoveries, it features RapperBot, a Mirai-based worm that infects IoT devices with the ultimate goal of launching DDoS attacks against non-HTTP targets. Other methods mentioned in the blogpost includes an information stealer Rhadamanthys, and CUEMiner, based on open-source malware presumably distributed through BitTorrent and One Drive.

Kaspersky recently investigated the DeathNote, one of clusters that belong to the infamous Lazarus group. DeathNote has transformed drastically over the years, beginning in 2019 with attacks on cryptocurrency-related businesses worldwide. By the end of 2022, it was responsible for targeted campaigns that affected IT companies and defense companies in Europe, Latin America, South Korea, and Africa. The latest report by Kaspersky tracks a shift in DeathNote’s targets as well as the development and refinement of their tools, techniques, and procedures during the last four years.

In February, Kaspersky experts discovered an attack using zero-day vulnerability in the Microsoft Common Log File System (CLFS). A cybercriminal group used an exploit developed for different versions and builds of Windows OS including Windows 11 and attempted to deploy Nokoyawa ransomware. Microsoft assigned CVE-2023-28252 to this vulnerability and patched it today as part of Patch Tuesday. The threat actor also attempted to execute similar elevation of privilege exploits in attacks on different small and medium-sized businesses in the Middle East and North America, and previously in Asia regions.

Kaspersky today announced the addition of new crypto protection features to its new consumer product line, including Kaspersky Standard, Kaspersky Plus and Kaspersky Premium.

Kaspersky experts analyzing offers of malicious apps on Google Play for sale on the Darknet, have discovered that malicious mobile apps and store developer accounts are being sold up to US$20,000. Using Kaspersky Digital Footprint Intelligence, researchers collected examples from nine different Darknet forums where the purchase and sale of goods and services related to malware is carried out. The report sheds light on how threats sold on Darknet appear on Google Play and also reveals the offers available, price range and features of communication and agreements between cybercriminals.

Kaspersky announced an updated version of its Kaspersky VPN

Kaspersky investigated a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. The malware behind this attack dubbed Gopuram has been tracked internally since 2020, but the number of infections began to increase in March 2023. The recent report by Kaspersky provides an overview of the Gopuram backdoor with an observation of the latest campaign that has affected enterprises, and, particularly cryptocurrency companies around the world.

Kaspersky’s anti-phishing systems have prevented 5 million cryptocurrency-related phishing attacks in 2022, increasing by 40 percent compared to the previous year. Conversely, there was a decrease in the detection of traditional financial threats, such as banking and mobile financial malware. These and other findings can be found in company’s latest report on financial threats.

Kaspersky researchers have discovered an ongoing disruptive cryptocurrency theft campaign affecting more than 15,000 users across 52 countries. Distributed under the guise of Tor Browser, the malware operates by replacing a portion of the entered clipboard contents with the cybercriminal’s own wallet address once it detects a wallet address in the clipboard. It’s estimated that - so far in 2023 - cybercriminals have been able to steal approximately US$400,000 using this malware.

Kaspersky experts have discovered how cybercriminals are using IPFS file distribution in email phishing attacks. Since late 2022, fraudsters have been using this safe, decentralized and reliable way for file distribution – considered to be one of the cutting-edge technologies of Web 3.0 – to target companies around the world. In a new report by Kaspersky, researchers reveal how attackers are putting phishing HTML files in IPFS to cut web hosting costs. This technique, used for both ongoing mass and targeted phishing campaigns, saw almost 400,000 phishing emails detected in February 2023.