VIRUS-NEWS
The SOC Files: Time to ?Sapecar?. Unpacking a new Horabot campaign in Mexico
by Domenico Caldarella, Mateus Salgado18 Mar 2026 at 11:00am
Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat.
Free real estate: GoPix, the banking Trojan living off your memory
by GReAT16 Mar 2026 at 11:00am
Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising via Google Ads.
BeatBanker: A dual?mode Android Trojan
by GReAT10 Mar 2026 at 10:00am
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
Exploits and vulnerabilities in Q4 2025
by Alexander Kolesnikov6 Mar 2026 at 10:00am
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
Mobile malware evolution in 2025
by Anton Kivva4 Mar 2026 at 10:00am
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.
Arkanix Stealer: a C++ & Python infostealer
by Kirill Korchemny, Omar Amin19 Feb 2026 at 11:00am
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted wide range of data, was distributed as MaaS and offered referral program to its partners.
Divide and conquer: how the new Keenadu backdoor exposed links between major ...
by Dmitry Kalinin17 Feb 2026 at 9:00am
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most prolific Android botnets.
The game is over: when ?free? comes at too high a price. What we know about R...
by Denis Brylev, Pavel Sinenko, Maxim Starodubov, Artem Ushkov11 Feb 2026 at 2:00pm
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
Spam and phishing in 2025
by Tatyana Kulikova, Olga Altukhova, Roman Dedenok, Andrey Kovtun, Irina Shimko, Anna Lazaricheva11 Feb 2026 at 10:00am
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
by Kaspersky5 Feb 2026 at 9:00am
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
