Krebs on Security

SEPTEMBER 4, 2018

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

Spyware 183

Spyware Mobile Advertising Software 183

SecureList

SEPTEMBER 28, 2021

Kaspersky has been tracking deployments of this spyware since 2011. Both of them are encrypted with RC4. All communications between the server are encrypted with RC4. This module uses the same communication protocol that is used in the main Trojan component: The TLV ( type-length-value ) format to exchange data with C2 servers.

Encryption 142

Encryption Malware Spyware Architecture 142

SecureList

JULY 27, 2023

Following this, we released the first of a series of additional reports describing the final payload in the infection chain: a highly sophisticated spyware implant that we dubbed “TriangleDB” Operating in memory, this implant periodically communicates with the C2 (command and control) infrastructure to receive commands.

Malware 85

Malware Government Phishing Social Engineering 85

SecureList

NOVEMBER 14, 2023

The rise of destructive attacks In December of last year, shortly after we released our predictions for 2023, Russian government agencies were reported to have been targeted by a data wiper called CryWiper. The malware posed as ransomware, demanding money from the victims for “decrypting” their data.

Hacking 106

Hacking Energy and Utilities Media Malware 106