Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.| Securelist
We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and the Middle East, and the exploitation of CVE-2025-29824 in 2025.| Securelist
The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard.| Securelist
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.| securelist.com
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.| securelist.com
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.| securelist.com
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.| securelist.com
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Kaspersky experts have discovered a new SteelFox Trojan that mimics popular software like Foxit PDF Editor and JetBrains to spread a stealer-and-miner bundle.| securelist.com
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in the OpenSSH server process.| securelist.com
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.| securelist.com
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.| securelist.com
A spyware Telegram mod in Uighur and Chinese spreads through Google Play, stealing messages and other user data.| securelist.com