Kaspersky Lab

TrendTechie
August 17, 2025
The Efimer Trojan spreads through torrent files and targets cryptocurrency wallets by disguising itself as a media player named xmpeg_player.exe. Cybercriminals exploit poorly secured WordPress sites to distribute this malware, while in corporate settings, they use phishing emails related to copyright infringement to deliver the Trojan. Once activated, it searches for cryptocurrency seed phrases and replaces transfer addresses with those of the attackers. Victims have been reported in Russia, India, Spain, Italy, and Germany. Kaspersky Lab has also reported on another malware, SparkKitty, aimed at stealing cryptocurrency from users in Southeast Asia and China.
Tech Optimizer
June 5, 2025
The Computer Security For Business market is projected to experience significant growth and opportunities leading into 2025. The report provides insights on future trends, growth drivers, consumption patterns, production volumes, and key market statistics, including the compound annual growth rate (CAGR). Notable competitors in the market include NortonLifeLock, Fortinet, McAfee, Avast, Trend Micro, Bitdefender, ESET, Kaspersky Lab, Comodo, F-Secure, and AHNLAB. The market is segmented into various categories such as Network Security, Identity Theft Protection, Endpoint Security, and Antivirus Software, with applications categorized by age demographics (18-30 years old, 30-45 years old, and others). The report highlights factors driving market growth, emerging trends, and shifts in consumer behavior. Stakeholders can benefit from quantitative analyses, Porter’s Five Forces analysis, and strategic recommendations for refining business strategies and conducting competitor analyses. A discount of up to 70% is currently available for the report.
TrendTechie
February 20, 2025
Experts from Kaspersky GReAT have identified a scheme where cybercriminals distribute malware disguised as free versions of popular computer games via torrent trackers. This malware downloads a modified version of the XMRig cryptocurrency miner onto users' devices. The distribution began on December 31, 2024, and continued until the end of January 2025, with the first infected files appearing on torrent sites in the previous autumn. Affected countries include Russia, Belarus, Kazakhstan, Brazil, and Germany. The XMRig miner exploits the computational power of infected devices to mine Monero and was embedded in files associated with games like BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry’s Mod. Kaspersky reported that 70.5% of users encountered infected versions of BeamNG.drive. The malware causes overheating, decreased performance, and increased electricity consumption without immediate signs of infection. Tatyana Shishkova from Kaspersky noted that the timing of the campaign coincided with the holiday season and that gaming applications were targeted due to their high performance. She advised users to avoid downloading software from unreliable sources.
TrendTechie
February 19, 2025
A campaign known as StaryDobry, identified by Kaspersky Lab, began on the last day of 2024, targeting users of popular torrent trackers during the holiday season. The attack affected users globally, particularly in Russia, Belarus, Kazakhstan, Germany, and Brazil. Cybercriminals distributed trojanized versions of popular games like BeamNG.drive and Garry’s Mod, which contained hidden cryptocurrency mining software. The malware used in this campaign included XMRig, designed for mining Monero (XMR) without user consent. The installation process involved multiple layers of evasion, including checking for debugging tools and system parameters. The malware extracted files using RAR libraries, sent system fingerprints to a command server, and launched a loader that disguised itself as system files. XMRig operated in the background, utilizing the victim's CPU for mining while avoiding detection by terminating itself if analysis tools were present. The attack poses risks not only to individual users but also to corporate systems through compromised devices. No information is available about the attackers behind this campaign.
Tech Optimizer
February 7, 2025
A recent increase in scareware attacks is targeting mobile users, aiming to trick them into downloading malicious antivirus applications. These attacks use alarming notifications to exploit users' fears about device security. Analysts from Kaspersky Lab note that scareware often employs social engineering techniques to create urgency and fear, masquerading as legitimate software. Victims may encounter a range of consequences, from ineffective programs to dangerous malware that can encrypt data or steal financial information. Scareware messages typically warn users of detected viruses and the risks of not acting quickly. Malicious applications often use JavaScript or HTML to generate fake alerts. Users are advised to install authentic antivirus software from reputable sources, keep their devices updated, and be cautious with unexpected pop-ups.
Tech Optimizer
February 6, 2025
The global antivirus software market is projected to grow from approximately USD 4.5 billion in 2024 to around USD 9.2 billion by 2034, reflecting a compound annual growth rate (CAGR) of about 6.7% from 2025 to 2034. The market is analyzed by various criteria, including type (standalone, integrated, cloud-based), device (computers, tablets, smartphones, servers), operating system (Windows, macOS, Android, iOS, Linux), and end user (individual, enterprise, government). Key players in the industry include Symantec Corporation, McAfee Inc., Kaspersky Lab, Trend Micro Inc., Avast Software s.r.o., Bitdefender, ESET, Sophos, F-Secure, Panda Security, Microsoft Corporation, NortonLifeLock Inc., Check Point Software Technologies, CrowdStrike Holdings, Inc., SentinelOne, Cylance Inc., Malwarebytes, Qihoo 360 Technology Co. Ltd., and AhnLab Inc. The report also provides regional analysis for North America, Europe, Asia-Pacific, South America, and the Middle East and Africa.
Tech Optimizer
November 26, 2024
PCMag has reviewed antivirus software since 1988 and evaluated over 150 security applications last year. A recent survey revealed consumer preferences for antivirus software and VPNs. For 2024, Proton emerged as the top VPN brand with a score of 9.0 out of 10, while Bitdefender was rated the most trusted antivirus brand, receiving a perfect five-star rating. Trend Micro won the Reader's Choice Award for security suites, surpassing Bitdefender. In mobile antivirus, Bitdefender was the preferred choice, excelling in most categories. The survey for Antivirus and Security Suites was conducted from September 10 to November 4, 2024.
TrendTechie
November 9, 2024
In August 2024, a new strain of crimeware named SteelFox was identified. This malware spreads through forums, torrent trackers, and blogs, disguised as legitimate software like Foxit PDF Editor and AutoCAD. It includes a stealer component that collects sensitive data, such as banking information and device details. SteelFox communicates with its command server, which operates under a dynamic IP address, over TLS 1.3 with SSL certificate pinning. The malware can escalate privileges by exploiting vulnerabilities in drivers. The initial attack vector involves posts promoting a dropper that masquerades as a software activator. The dropper executes an AMD64 executable that requests administrator rights and delivers the malicious payload. The payload is decrypted using AES-128 and modified to evade detection before being installed as a service that persists after reboots. SteelFox's final stage creates a service that interacts with a vulnerable driver, allowing privilege escalation to NTSYSTEM. Victims are primarily users of popular software, with significant infections detected globally, particularly in Brazil, China, and Russia. The campaign is attributed to posts made from hacked accounts or by inexperienced users on platforms like Baidu and Russian torrent trackers. Indicators of compromise include specific file hashes, file paths, and domains associated with the malware's operation.