Angry Likho: Old beasts in a new forest
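Angry Likho is an APT group that has been active in cyber attacks since 2023. The group mainly conducts targeted attacks against government agencies and large enterprises in Russia and Belarus. Its usual methods include sending phishing emails whose attachments contain malicious LNK files and RAR archives. The malware typically implants tools such as Lumma stealer to steal sensitive data such as browser records, passwords and cryptocurrency wallet information. The group showed signs of new attack activity in June 2024 and January 2025. ...
2025-2-21 10:0:21 | Views: 32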
Securelist - securelist.com
shop
malicious
likho
angry
payload
Managed detection and response in 2024
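The Kaspersky MDR service provides round-the-clock monitoring and threat detection. The 2024 report notes that high-severity incidents decreased while complexity increased, and that the industrial, financial and government sectors were attacked most. Living off the Land techniques are widely used. ...
2025-2-20 08:0:24 | Views: 10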
Securelist - securelist.com
mdr
security
attackers
threats
equipped
Spam and phishing in 2024
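The 2024 cyberthreat report states that 47.27% of email worldwide was spam, with the share in Russia reaching 48.57%, and that 18% of spam originated in Russia. Kaspersky blocked more than 800 million clicks on phishing links and 100 million malicious attachments. Phishing attacks mainly targeted travelers, social media users and cryptocurrency enthusiasts. Attackers used celebrity images, trending events and fake offers to attract victims, and collected sensitive information through elaborate questionnaires or stole funds directly. ...
2025-2-19 10:0:31 | Views: 37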
Securelist - securelist.com
phishing
malicious
fraudsters
victim
facebook
StaryDobry ruins New Year’s Eve, delivering miner instead of presents
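Cybercriminals launched a large-scale infection campaign on December 31, distributing the XMRig miner through malicious games. The campaign mainly targeted users in Russia, Brazil, Germany and other countries, and used a complex execution chain and defensive techniques to carry out the attack. ...
2025-2-18 10:0:49 | Views: 19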
Securelist - securelist.com
systemroot
unrar
fingerprint
decrypted
miner
Investors, Trump and the Illuminati: What the “Nigerian prince” scams became in 2024
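This article describes the common types and characteristics of "Nigerian" spam, including scams disguised as donations from wealthy people, government compensation, lottery winnings, online dating and business investment. These emails usually contain errors and low-quality translations, and use social engineering to induce victims to reply or provide personal information. Recommended precautions include not responding to unknown senders and watching for inconsistencies and errors in emails. ...
2025-2-5 12:0:5 | Views: 18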
Securelist - securelist.com
nigerian
recipient
victim
trump
fund
Take my money: OCR crypto stealers in Google Play and App Store
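This article describes malware named "SparkCat", which spread by being embedded in legitimate apps on Google Play and the App Store, with more than 240,000 downloads. It uses OCR to scan images in the user's gallery, looking for crypto wallet recovery phrases and sending them to the attackers' server. The malware also communicates using a custom protocol written in Rust, and appeared in the Apple App Store for the first time. ...
2025-2-5 08:0:16 | Views: 22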
Securelist - securelist.com
malicious
c2
trojan
library
gallery
Take my money: OCR crypto stealers in Google Play and App Store
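This article summarizes Apple's removal from the App Store of apps that embedded a malicious SDK. These apps used OCR to steal users' crypto wallet recovery phrases and used Rust for communication. The malware affected Android and iOS users and was finally removed by Apple in June 2025. ...
2025-2-5 08:0:16 | Views: 15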
Securelist - securelist.com
malicious
c2
trojan
library
gallery
One policy to rule them all
Windows group policies are a powerful management tool that allows administrators to de...
2025-1-31 10:0:2 | Views: 6
Securelist - securelist.com
gpo
sysvol
windows
attackers
No need to RSVP: a closer look at the Tria stealer campaign
Introduction: Since mid-2024, we’ve observed a malicious Android campaign leveraging we...
2025-1-30 08:0:12 | Views: 19
Securelist - securelist.com
apk
tria
malicious
stealer
malaysia
Threat predictions for industrial enterprises 2025
Kaspersky Security Bulletin...
2025-1-29 10:0:37 | Views: 11
Securelist - securelist.com
security
network
developers
attackers
Mercedes-Benz Head Unit security research report
Introduction: This report covers the research of the Mercedes-Benz Head Unit, which was...
2025-1-17 10:0:33 | Views: 72
Securelist - securelist.com
ud2
diagnostic
thrift
thriftme
database
EAGERBEE, with updated and novel components, targets the Middle East
Introduction: In our recent investigation into the EAGERBEE backdoor, we found that it...
2025-1-6 08:0:7 | Views: 11
Securelist - securelist.com
eagerbee
memory
windows
c2
Threat landscape for industrial automation systems in Q3 2024
Statistics across all threats: In the third quarter of 2024, the percentage of ICS comp...
2024-12-27 10:0:46 | Views: 9
Securelist - securelist.com
malicious
quarter
decreased
pp
lowest
Cloud Atlas seen using a new tool in its attacks
Introduction: Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We...
2024-12-23 10:0:46 | Views: 35
Securelist - securelist.com
vbshower
powershower
vbcloud
payload
c2
BellaCPP: Discovering a new BellaCiao variant written in C++
APT reports...
2024-12-20 10:0:27 | Views: 12
Securelist - securelist.com
bellaciao
microsoft
bellacpp
Attackers exploiting a patched FortiClient EMS vulnerability in the wild
Introduction: During a recent incident response, Kaspersky’s GERT team identified a set...
2024-12-19 12:0:20 | Views: 15
Securelist - securelist.com
hxxps
hxxp
clientsetup
attackers
Lazarus group evolves its infection chain with old and new malware
Over the past few years, the Lazarus group has been distributing its malicious softwar...
2024-12-19 10:0:55 | Views: 15
Securelist - securelist.com
cookieplus
c2
malicious
payload
loader
Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
About C.A.S: C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking...
2024-12-18 10:0:3 | Views: 13
Securelist - securelist.com
windows
attackers
registrykey
hacktivist
revenge
Download a banker to track your parcel
In late October 2024, a new scheme for distributing a certain Android banking Trojan c...
2024-12-17 08:21:36 | Views: 16
Securelist - securelist.com
mamont
victim
trojan
attackers
c2
Dark web threats and dark market predictions for 2025
Review of last year’s predictions: The number of services providing AV evasion for malw...
2024-12-16 10:0:27 | Views: 12
Securelist - securelist.com
drainers
ransomware
markets
forums
stealers