Kaspersky's GReAT team has identified a new malware framework called OkoBot that specifically targets cryptocurrency users. This sophisticated malware utilizes a component known as TookPS to steal sensitive information, such as seed phrases, and monitor activities on Chromium-based browsers. Additionally, OkoBot can install various types of malware, including the Rilide stealer, which further compromises users' security. This threat is particularly concerning for those involved in cryptocurrency transactions, as it can lead to significant financial losses and privacy violations. Users need to be vigilant and consider enhancing their security measures to protect against these evolving threats.
Articles tagged "Kaspersky"
Found 41 articles
Hackread – Cybersecurity News, Data Breaches, AI and More
Kaspersky has reported that the Armored Likho group, a previously identified advanced persistent threat (APT), is actively targeting government and energy sectors using a combination of techniques. They employ BusySnake Stealer, a type of malware designed to extract sensitive information, alongside AI-generated loaders and phishing methods to infiltrate systems. This campaign poses significant risks to organizations in these critical sectors, as the stolen data could lead to further exploitation or security breaches. The use of sophisticated tools and tactics highlights the evolving nature of cyber threats and the need for enhanced security measures within these industries. Organizations should remain vigilant and strengthen their defenses against such targeted attacks.
The Hacker News
A new cyber threat group called Armored Likho has been linked to attacks against government agencies and the electric power sector in Russia, Brazil, and Kazakhstan. Researchers from Kaspersky report that this group combines financially motivated schemes targeting individuals with cyber espionage aimed at organizations. The BusySnake Stealer malware is being used in these operations, which raises concerns about the potential for sensitive data breaches. The targeting of critical infrastructure like power sectors is particularly alarming, as it can have severe implications for national security and public safety. Organizations in affected regions should bolster their cybersecurity measures to defend against these types of attacks.
A new malware called Umbrij, linked to the cyber group ToddyCat, is targeting corporate Gmail accounts by exploiting the Google API. According to Kaspersky's recent report, the malware allows attackers to gain stealthy access to email communications, raising significant concerns for businesses that rely on Gmail for their operations. This tactic of compromising access through APIs highlights potential vulnerabilities in how companies manage their email systems. As email remains a primary communication tool for organizations, the implications of such breaches could be severe, resulting in sensitive information leaks and potential financial losses. Companies using Gmail should enhance their security measures to safeguard against this type of attack.
Kaspersky's Compromise Assessment specialists reviewed trends from their 2025 projects, revealing that many organizations are still overlooking security incidents and facing ongoing threats. They found that a lack of timely response to these incidents can leave companies vulnerable to further attacks. The insights suggest that businesses need to improve their detection capabilities and response strategies to address these persistent risks. By regularly assessing their security posture, organizations can better identify weaknesses and enhance their defenses against potential breaches. This is particularly important as cyber threats continue to evolve and become more sophisticated.
Securelist
Kaspersky researchers have identified a large-scale campaign that uses compromised ScreenConnect software to deliver AsyncRAT, a type of remote access Trojan. Attackers are exploiting vulnerabilities in the legitimate ScreenConnect application to drop the malicious payload onto targeted systems. This incident raises concerns for users and organizations that rely on ScreenConnect for remote access, as they may unknowingly become victims of this malware. The report details the infection chain and the command and control (C2) infrastructure used in the attack, emphasizing the need for vigilance in software downloads and updates. Users should ensure they are downloading software from official sources and remain cautious of unsolicited software offers.
Kaspersky researchers have investigated the activities of The Gentlemen Ransomware-as-a-Service (RaaS) group, revealing their customized backdoors and evolving tactics. This group has introduced a new variant of ransomware that poses a significant threat to various organizations. The research outlines the tools and techniques used by the group, which are designed to infiltrate systems and encrypt sensitive data for ransom. Companies that rely on digital systems for operations are particularly vulnerable to these types of attacks, highlighting the need for enhanced security measures. Organizations are urged to stay informed about these developments and take proactive steps to defend against such threats.
Kaspersky researchers have examined the growing cybersecurity threats facing small and medium-sized businesses (SMBs) in 2026. They found that attacks using fake artificial intelligence tools are on the rise, alongside traditional phishing schemes. These tactics are particularly concerning as they can lead to data breaches and the sale of sensitive information on the dark web. SMBs, which often lack the resources of larger corporations, are especially vulnerable to these types of attacks. Companies need to enhance their security measures and educate employees about recognizing scams to protect themselves against these evolving threats.
A recent analysis by a Kaspersky researcher has uncovered a global malicious campaign that spreads VBScript files through WhatsApp. These scripts are designed to install a Remote Monitoring and Management (RMM) software, specifically a UEMS agent, via a multi-step infection process. This type of malware could allow attackers to gain control over infected devices, posing significant risks to both individual users and organizations. The use of popular messaging platforms like WhatsApp for distribution makes this attack particularly concerning, as it can easily bypass traditional security measures. Users need to be cautious about unexpected messages and attachments on these platforms to protect themselves from this ongoing threat.
Kaspersky researchers have identified new tools based on the PebbleDash framework that are being used in recent campaigns by the North Korean hacking group Kimsuky. These tools are linked to the AppleSeed malware cluster, indicating a sophisticated approach to targeting various organizations. Kimsuky has a history of focusing on sectors like government, defense, and technology, making this a significant concern for those industries. The use of PebbleDash tools suggests that attackers are developing more advanced methods to infiltrate networks and steal sensitive information. Organizations need to enhance their defenses and remain vigilant against these evolving threats.
Securelist
Kaspersky researchers have identified key trends in ransomware for 2026, indicating a shift in tactics among cybercriminals. One notable trend is the emergence of EDR killers, tools designed to bypass endpoint detection and response systems, making it easier for attackers to operate undetected. Additionally, there is a growing focus on data leaks rather than just data encryption, meaning that attackers might threaten to expose sensitive information instead of simply locking it away. This change could lead to increased pressure on organizations to comply with ransom demands, as the risk of public exposure rises. These trends are significant as they suggest that companies will need to adapt their security strategies to combat evolving ransomware tactics effectively.
SCM feed for Latest
Kaspersky researchers have released findings indicating that most passwords can be cracked in under a minute, based on an analysis of 231 million unique passwords leaked on the dark web between 2023 and 2026. This alarming statistic highlights the vulnerability of user accounts across various platforms, as many individuals continue to use weak or common passwords. The leaked data underscores the need for stronger password practices among users, such as adopting complex combinations or utilizing password managers. Additionally, organizations must consider implementing multi-factor authentication to enhance security. With the potential for quick exploitation of weak passwords, both individuals and businesses should take immediate steps to protect their online accounts.
Researchers conducting a security assessment of Kaspersky USB Redirector discovered a critical remote code execution (RCE) vulnerability in the xrdp server component, identified as CVE-2025-68670. This vulnerability allows attackers to execute arbitrary code on affected systems before authentication, which poses a significant risk. Fortunately, project maintainers acted quickly to patch the vulnerability, reducing the potential for exploitation. Users of xrdp should ensure they apply the latest updates to protect their systems. This incident underscores the importance of regular security assessments and timely patch management to defend against emerging threats.
Cybersecurity researchers have identified three malicious packages on the Python Package Index (PyPI) that are distributing a new type of malware called ZiChatBot. These packages are designed to deliver harmful files while masquerading as legitimate software. Both Windows and Linux systems are at risk, as the malware can operate on both platforms. This incident raises concerns about the security of open-source repositories, where malicious actors can exploit the trust users place in these resources. Developers and users of Python packages should be vigilant and verify the authenticity of packages before installation to avoid falling victim to such attacks.
The article discusses the growing issue of suspicious websites and how users can differentiate between safe and fraudulent sites. It provides insights into the types of untrusted sites that Kaspersky's solutions are now able to detect, backed by global statistics. This information is crucial for internet users, as falling victim to these fraudulent sites can lead to identity theft, financial loss, or malware infections. By understanding how to identify these threats, individuals can better protect themselves online. The article emphasizes the importance of being cautious while browsing and staying informed about the risks associated with untrusted websites.