Kaspersky Lab

TrendTechie
February 20, 2025
Experts from Kaspersky GReAT have identified a scheme in which cybercriminals distribute malware disguised as free versions of popular PC games via torrent trackers. The malware installs a modified build of the XMRig cryptocurrency miner on victims' devices. Active distribution began on December 31, 2024, and continued until the end of January 2025, although the first infected files had appeared on torrent sites the previous autumn. Affected countries include Russia, Belarus, Kazakhstan, Brazil, and Germany. The miner uses the computing power of infected devices to mine Monero and was embedded in files associated with games such as BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry's Mod; Kaspersky reported that 70.5% of affected users encountered infected versions of BeamNG.drive. The symptoms are overheating, reduced performance, and higher electricity consumption, with no immediate sign of infection. Tatyana Shishkova of Kaspersky noted that the campaign was timed to the holiday season and that games were chosen as the lure because gaming machines tend to have powerful hardware, which is attractive for mining. She advised users not to download software from untrusted sources.
TrendTechie
February 19, 2025
A campaign known as StaryDobry, identified by Kaspersky Lab, began on the last day of 2024 and targeted users of popular torrent trackers during the holiday season. The attack affected users worldwide, particularly in Russia, Belarus, Kazakhstan, Germany, and Brazil. The attackers distributed trojanized versions of popular games such as BeamNG.drive and Garry's Mod that carried hidden cryptocurrency mining software. The miner was XMRig, configured to mine Monero (XMR) without the user's consent. The installation chain used several layers of evasion, including checks for debugging tools and for system parameters. The malware unpacked its files with RAR libraries, sent a system fingerprint to a command-and-control server, and launched a loader that posed as a system file. XMRig then ran in the background, using the victim's CPU for mining, and terminated itself if analysis tools were detected. The attack puts not only individual users at risk but also corporate networks that compromised personal devices connect to. No information is available about who is behind the campaign.
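The behaviours summarized in this entry and the one above (an XMRig command line, a connection to a mining pool, a loader that borrows a Windows system binary's name) can be turned into a host-side triage check over process telemetry. The following Python is an added example, not Kaspersky's code and not derived from the StaryDobry samples: the process records, paths and wallet string are constructed, the scoring weights are arbitrary choices, and only the XMRig option names and the Monero address format are real.

```python
"""Triage of Windows process records for miner/loader indicators.

Added example (not Kaspersky's code). Scores each process record on four
indicators: XMRig-style command-line options, a stratum mining-pool URL,
a Monero wallet address, and a system-binary name running from a
non-system path. All records below are constructed sample data.
"""
import re
from dataclasses import dataclass, field

# Real XMRig command-line options (see `xmrig --help`). The binary is often
# renamed, so its options are a more durable indicator than the image name.
XMRIG_OPTIONS = {
    "-o", "--url", "-u", "--user", "-p", "--pass", "-a", "--algo",
    "--coin", "--donate-level", "-t", "--threads", "-k", "--keepalive",
    "--nicehash", "--cpu-priority", "--randomx-1gb-pages",
}
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d{2,5}", re.I)
# Standard Monero address: 95 base58 characters starting with '4'
# (subaddresses start with '8'). Base58 excludes 0, O, I and l.
B58 = r"[1-9A-HJ-NP-Za-km-z]"
MONERO_ADDR_RE = re.compile(rf"(?<!{B58})[48]{B58}{{94}}(?!{B58})")
# Names a loader may borrow; legitimate copies live under the Windows directory.
SYSTEM_BINARIES = {"svchost.exe", "dllhost.exe", "conhost.exe",
                   "rundll32.exe", "explorer.exe"}
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class ProcessRecord:
    pid: int
    image: str          # full path of the executable
    cmdline: str
    parent_image: str


@dataclass
class Finding:
    pid: int
    score: int
    reasons: list = field(default_factory=list)


def score_process(rec: ProcessRecord) -> Finding:
    f = Finding(rec.pid, 0)
    opts = {t.split("=", 1)[0] for t in rec.cmdline.split() if t.startswith("-")}
    hits = opts & XMRIG_OPTIONS
    # Short flags like -k/-p are common elsewhere (svchost uses them), so
    # require at least two hits including one long-form XMRig option.
    if len(hits) >= 2 and any(h.startswith("--") for h in hits):
        f.score += 3
        f.reasons.append(f"xmrig-style options {sorted(hits)}")
    if STRATUM_RE.search(rec.cmdline):
        f.score += 3
        f.reasons.append("stratum pool URL in command line")
    if MONERO_ADDR_RE.search(rec.cmdline):
        f.score += 2
        f.reasons.append("Monero wallet address in command line")
    image_lc = rec.image.lower()
    name = image_lc.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARIES and not image_lc.startswith(WINDOWS_DIRS):
        f.score += 4
        f.reasons.append(f"{name} running from non-system path {rec.image}")
    return f


def triage(records, threshold: int = 3):
    """Return findings scoring at or above threshold, highest first."""
    findings = [score_process(r) for r in records]
    return sorted((x for x in findings if x.score >= threshold),
                  key=lambda x: x.score, reverse=True)


# Constructed sample telemetry; FAKE_WALLET is a placeholder of the right shape.
FAKE_WALLET = "4" + "A" * 94
SAMPLE_RECORDS = [
    ProcessRecord(4412, r"C:\Windows\System32\svchost.exe",
                  "svchost.exe -k netsvcs -p", r"C:\Windows\System32\services.exe"),
    ProcessRecord(5120, r"C:\Users\gamer\AppData\Roaming\Dyson\dllhost.exe",
                  "dllhost.exe --coin monero -o stratum+tcp://pool.example.invalid:3333 "
                  f"-u {FAKE_WALLET} --donate-level 0 -k",
                  r"C:\Users\gamer\Downloads\BeamNG.drive\setup.exe"),
    ProcessRecord(6008, r"C:\Program Files\Game\game.exe",
                  "game.exe -windowed -o 2", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_RECORDS):
        print(hit.pid, hit.score, "; ".join(hit.reasons))
```

Against the sample records only the renamed dllhost.exe is flagged, on all four indicators, while the real svchost.exe (which also takes -k and -p) and the game process score zero. The path check is the one that survives a renamed miner with a config file instead of a command line, so it is weighted highest.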
Tech Optimizer
February 7, 2025
A recent increase in scareware attacks is targeting mobile users, aiming to trick them into downloading malicious antivirus applications. These attacks use alarming notifications to exploit users' fears about device security. Analysts from Kaspersky Lab note that scareware often employs social engineering techniques to create urgency and fear, masquerading as legitimate software. Victims may encounter a range of consequences, from ineffective programs to dangerous malware that can encrypt data or steal financial information. Scareware messages typically warn users of detected viruses and the risks of not acting quickly. Malicious applications often use JavaScript or HTML to generate fake alerts. Users are advised to install authentic antivirus software from reputable sources, keep their devices updated, and be cautious with unexpected pop-ups.
Tech Optimizer
February 6, 2025
The global antivirus software market is projected to grow from approximately USD 4.5 billion in 2024 to around USD 9.2 billion by 2034, reflecting a compound annual growth rate (CAGR) of about 6.7% from 2025 to 2034. The market is analyzed by various criteria, including type (standalone, integrated, cloud-based), device (computers, tablets, smartphones, servers), operating system (Windows, macOS, Android, iOS, Linux), and end user (individual, enterprise, government). Key players in the industry include Symantec Corporation, McAfee Inc., Kaspersky Lab, Trend Micro Inc., Avast Software s.r.o., Bitdefender, ESET, Sophos, F-Secure, Panda Security, Microsoft Corporation, NortonLifeLock Inc., Check Point Software Technologies, CrowdStrike Holdings, Inc., SentinelOne, Cylance Inc., Malwarebytes, Qihoo 360 Technology Co. Ltd., and AhnLab Inc. The report also provides regional analysis for North America, Europe, Asia-Pacific, South America, and the Middle East and Africa.
Tech Optimizer
November 26, 2024
PCMag has reviewed antivirus software since 1988 and evaluated over 150 security applications last year. A recent survey revealed consumer preferences for antivirus software and VPNs. For 2024, Proton emerged as the top VPN brand with a score of 9.0 out of 10, while Bitdefender was rated the most trusted antivirus brand, receiving a perfect five-star rating. Trend Micro won the Reader's Choice Award for security suites, surpassing Bitdefender. In mobile antivirus, Bitdefender was the preferred choice, excelling in most categories. The survey for Antivirus and Security Suites was conducted from September 10 to November 4, 2024.
TrendTechie
November 9, 2024
In August 2024, a new crimeware strain named SteelFox was identified. It spreads through forums, torrent trackers, and blogs, disguised as legitimate software such as Foxit PDF Editor and AutoCAD. The initial vector is a post promoting a dropper that masquerades as a software activator; the dropper runs an AMD64 executable that requests administrator rights and delivers the malicious payload. The payload is decrypted with AES-128, modified to evade detection, and installed as a service that persists across reboots. In the final stage, that service loads a vulnerable driver and abuses it to escalate privileges to NT AUTHORITY\SYSTEM. SteelFox includes a stealer component that collects sensitive data such as banking information and device details, and it communicates with a command-and-control server, hosted at a dynamic IP address, over TLS 1.3 with certificate pinning. Victims are primarily users of the impersonated software, with significant infection counts worldwide, particularly in Brazil, China, and Russia. The distribution posts were made from hacked accounts or by inexperienced users on platforms such as Baidu and Russian torrent trackers. Published indicators of compromise include file hashes, file paths, and domains associated with the malware's operation.
Tech Optimizer
October 8, 2024
Google has removed Kaspersky Lab's antivirus apps from the Google Play store and closed the company's developer account, following U.S. restrictions that took effect on September 29. Kaspersky Lab has criticized the decision as an "over-interpretation" of the restrictions, asserting that the regulations do not ban the sale and distribution of its products outside the U.S. Users who previously installed the apps can continue to use them but will receive no further updates and cannot reinstall them. The removal was first noted by users on September 27, and Kaspersky confirmed it two days later. Google cited sanctions from the U.S. Department of Commerce's Bureau of Industry and Security as the reason for the removal. The same sanctions led Kaspersky Lab to wind down its U.S. operations and migrate its U.S. customers to an alternative antivirus product, UltraAV, without notifying them.
Tech Optimizer
September 25, 2024
Kaspersky Lab is transitioning its US customers to a new antivirus product called UltraAV due to a ban imposed by the Biden Administration. This change is occurring as Kaspersky winds down its operations in the US by September 30. UltraAV, which supports up to 20 devices, is owned by Pango, recently acquired by Aura, and is based on technology from Max Secure Software, led by Dr. Zulfikar Ramzan. UltraAV has not participated in established trade organizations like AMTSO and has not undergone independent evaluation, leading to skepticism within the antivirus community. Initial assessments suggest that UltraAV may need improvements in protection and user experience, but Pango plans a third-party evaluation later this year.
AppWizard
September 24, 2024
A new iteration of Necro malware has been identified on at least 11 million devices, infiltrating Android devices through applications distributed via the Google Play store. Researchers at Kaspersky Lab Inc. found that the malware entered through malicious advertising software development kits (SDKs) embedded in apps, as well as game modifications and altered versions of popular applications in unofficial app stores. Compromised applications include Wuta Camera, downloaded over 10 million times, and Max Browser, with over 1 million downloads, both of which have been removed from Google Play. The malware utilizes an SDK called “Coral SDK” and employs image steganography through a component named “shellPlugin.” Once installed, it performs covert activities such as displaying ads in invisible windows, automatically clicking on them, downloading executable files, installing third-party applications, opening links to execute JavaScript, subscribing users to paid services without consent, and rerouting internet traffic through infected devices. Cybersecurity expert Katie Teitler-Santullo emphasized the need for app developers to verify SDK integrity and scan source code for malicious content to prevent exploitation.
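The closing recommendation, to verify the integrity of bundled SDKs, is the kind of check that belongs in a build pipeline rather than a code review. The following Python is an added example, not code from Kaspersky or from any of the apps named above: it pins a SHA-256 per third-party artifact and fails the build on any artifact that is altered, missing, or present without a pin. The pin-file layout, the libs directory, and the artifact names and bytes are assumptions constructed for the example.

```python
"""Pinned-hash verification of bundled third-party SDK artifacts.

Added example, not code from any app or vendor named on this page. Every
.jar/.aar in the app's libs directory must match a pinned SHA-256; anything
unpinned, missing or altered makes build_is_clean() return False. The pin
layout and directory convention are assumptions for this example.
"""
import hashlib
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifacts(libs_dir: str, pins: dict[str, str]) -> dict[str, str]:
    """Return a status per artifact: 'ok', 'mismatch', 'missing' or 'unpinned'.

    Unpinned artifacts are reported, not ignored: an extra .aar dropped into
    libs/ is exactly how an unvetted SDK rides into a release unnoticed.
    """
    status = {}
    present = {n for n in os.listdir(libs_dir) if n.endswith((".jar", ".aar"))}
    for name, expected in pins.items():
        path = os.path.join(libs_dir, name)
        if not os.path.isfile(path):
            status[name] = "missing"
        elif sha256_file(path) != expected.lower():
            status[name] = "mismatch"
        else:
            status[name] = "ok"
    for name in sorted(present - pins.keys()):
        status[name] = "unpinned"
    return status


def build_is_clean(status: dict[str, str]) -> bool:
    return all(s == "ok" for s in status.values())


def demo() -> dict[str, str]:
    """Constructed scenario: one intact SDK, one tampered, one missing, one unpinned."""
    with tempfile.TemporaryDirectory() as libs:
        good = b"PK\x03\x04 constructed analytics sdk bytes"
        ads_pinned = b"PK\x03\x04 constructed ads sdk bytes"
        with open(os.path.join(libs, "analytics-1.2.0.aar"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(libs, "ads-3.4.1.aar"), "wb") as fh:
            fh.write(ads_pinned + b" + bytes not present when pinned")  # tampered
        with open(os.path.join(libs, "extra-sdk.jar"), "wb") as fh:    # never pinned
            fh.write(b"PK\x03\x04 unexpected extra dependency")
        pins = {
            "analytics-1.2.0.aar": hashlib.sha256(good).hexdigest(),
            "ads-3.4.1.aar": hashlib.sha256(ads_pinned).hexdigest(),
            "crash-reporter-0.9.jar": "0" * 64,   # pinned but absent from this build
        }
        return verify_artifacts(libs, pins)


if __name__ == "__main__":
    result = demo()
    for name, s in result.items():
        print(f"{s:9s} {name}")
    raise SystemExit(0 if build_is_clean(result) else 1)
```

The pins should be committed with the source and updated only through a reviewed change, so that a hash bump is visible in the diff of the same PR that upgrades the SDK. Hashing the artifact rather than trusting a version string is the point: a repackaged SDK can keep the version and change the bytes.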
TrendTechie
July 21, 2024
In August 2023, a user at an organization the report anonymizes as company X was compromised by malware after installing a program downloaded via torrent. The malware collected information about the victim's computer, installed remote administration software and a cryptocurrency miner, and sent the collected data to a Telegram bot. The wider campaign infected over 250,000 devices in 164 countries; most victims were home users who had downloaded pirated software.