We analyze the built-in protection mechanisms in macOS: how they work, how threat actors can attack them or deceive users, and how to detect such attacks.| Securelist
Kaspersky experts analyze GodRAT, a new Gh0st RAT-based tool attacking financial firms. It is likely a successor of the AwesomePuppet RAT connected to the Winnti group.| Securelist
We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and the Middle East, and the exploitation of CVE-2025-29824 in 2025.| Securelist
The Efimer Trojan spreads through email and hacked WordPress websites, steals cryptocurrency, and substitutes wallets in the clipboard.| Securelist
In an incident response case, Kaspersky experts discovered new malware that terminates AV processes by abusing the legitimate ThrottleStop driver. Kaspersky solutions successfully counter and detect this threat.| securelist.com
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.| securelist.com
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.| securelist.com
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.| securelist.com
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.| securelist.com
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.| securelist.com
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.| securelist.com
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data.| securelist.com