External attack surface and ongoing cybercriminal activity in APAC region

To prevent a cyberattack, it is vital to know what the attack surface for your organization is. To be prepared to repel the attacks of cybercriminals, businesses around the world collect threat intelligence themselves or subscribe to threat intelligence services. Continuous threat research enables Kaspersky to discover, infiltrate and monitor resources frequented by adversaries and […]


Two more malicious Python packages in the PyPI

On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were intended to steal developers’ personal data and credentials. Following this research, we used our internal automated system for monitoring open-source repositories and discovered two other […]


Browser synchronization abuse: Bookmarks as a covert data exfiltration channel

Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make users’ lives easier, but may also allow hackers to establish a covert data exfiltration channel. Data exfiltration via bookmarks: Malicious browser extensions are a known and widespread threat, used by attackers to perform actions such […]


LofyLife: malicious npm packages steal Discord tokens and bank card data

On July 26, using the internal automated system for monitoring open-source repositories, we identified four suspicious packages in the Node Package Manager (npm) repository. All these packages contained highly obfuscated malicious Python and JavaScript code. We dubbed this malicious campaign “LofyLife”. Description of the proc-title package (Translation: This package correctly capitalizes your titles as per […]


Mars Stealer malware pushed via Google Ads and phishing emails

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it. Two documented Mars Stealer delivery campaigns: In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned […]
