IT threat evolution Q2 2024
In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.
Malware Descriptions
HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat
Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil.
Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities.
FakeSG campaign, Akira ransomware and AMOS macOS stealer
In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS.
HrServ – Previously unknown web shell used in APT attack
In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.
Ducktail fashion week
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers.
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023.
A cascade of compromise: unveiling Lazarus’ new campaign
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns