Kaspersky Uncovers New Cross-Platform Threats

Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered three emerging cross-platform threats and, in its latest report, reveals three new strategies employed by cybercriminals in the FakeSG campaign, the Akira ransomware, and the AMOS macOS stealer.

The contemporary crimeware landscape is marked by constant evolution, as cybercriminals deploy sophisticated tactics across various platforms to exploit victims. Kaspersky experts analyze various threats, including cross-platform ransomware, macOS stealers, and malware distribution campaigns.

The latest cyber threat uncovered by GReAT is FakeSG, where legitimate websites are compromised to display deceptive browser update notifications. Clicking on these notifications triggers the download of a harmful file, and despite changing URLs, the path (/cdn/wds.min.php) remains constant. The downloaded file runs hidden scripts, prompting users to update their browsers, while establishing persistence through scheduled tasks. Within the archive, a malicious configuration file exposes the Command and Control (C2) address, highlighting the sophistication of this campaign.
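Because the hosts rotate while the path stays fixed, a detection keyed on the normalized URL path keeps working where a domain blocklist goes stale. The sketch below is an added example, not code from Kaspersky's report; the log layout, host names and the case-insensitive match are assumptions, and the sample lines are constructed.

```python
import posixpath
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constant path reported for FakeSG; the hosts serving it keep changing.
FAKESG_PATH = "/cdn/wds.min.php"

# Constructed proxy log lines, assumed layout: timestamp client method url status
SAMPLE_LOG = """\
2023-11-02T09:14:07Z 10.0.4.21 GET https://news.example.org/article/42 200
2023-11-02T09:14:09Z 10.0.4.21 GET https://cdn-a.example.net/cdn/wds.min.php?v=3 200
2023-11-02T09:20:31Z 10.0.7.88 GET https://other.example.com/cdn/%77ds.min.php 200
2023-11-02T09:21:02Z 10.0.7.90 GET https://shop.example.com/cdn/wds.min.js 200
2023-11-02T09:25:44Z 10.0.9.13 GET http://third.example.io/a/../cdn//WDS.min.php 200
truncated entry
"""


def normalized_path(url):
    """Return the URL path with percent-encoding, dot segments,
    duplicate slashes and case differences removed."""
    path = unquote(urlsplit(url).path)
    # normpath keeps a leading "//", so strip and re-add a single slash.
    path = "/" + posixpath.normpath("/" + path).lstrip("/")
    # Assumption: match case-insensitively, accepting a few extra hits to review.
    return path.lower()


def find_hits(log_text):
    """Map each client address to the (timestamp, host) pairs that requested
    the FakeSG path, whatever host it was served from."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed or truncated entries
        timestamp, client, _method, url, _status = fields
        if normalized_path(url) == FAKESG_PATH:
            hits[client].append((timestamp, urlsplit(url).hostname))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, events)
```

Clients flagged this way are candidates for a follow-up check of newly created scheduled tasks, the persistence mechanism described above.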

Akira, a new ransomware variant affecting both Windows and Linux systems, has swiftly infected more than 60 organizations globally, targeting retail, consumer goods, and education establishments. Its adaptability to work across platforms emphasizes the broad impact on diverse industries. Sharing traits with Conti, such as an identical folder exclusion list, Akira features a distinctive Command and Control (C2) panel with an old-school minimalistic design, fortifying against analysis attempts. This highlights the evolving sophistication of cyber threats.

The AMOS macOS stealer, which surfaced in April 2023 and was initially sold for US$1,000/month on Telegram, evolved from Go to C and is distributed through malvertising on cloned software sites. Using these deceptive methods, it infiltrates macOS systems, retrieving and compressing user data for transmission to the Command and Control server, utilizing a unique UUID for identification. This reflects a growing trend of macOS-specific stealers exploiting potential vulnerabilities, deviating from their traditional association with Windows platforms.

“Adapting to the dynamic landscape of cyber threats is paramount to safeguarding our digital environments. The emergence of this new crimeware, coupled with the non-standard methods cybercriminals employ across diverse operating systems, underscores the urgency for vigilance and innovation in detection. Staying one step ahead requires a collective effort, emphasizing the crucial role of continuous research and collaboration to fortify our defenses against evolving cyber threats,” comments Jornt van der Wiel, senior security researcher at GReAT.

In order to prevent financially motivated threats, Kaspersky recommends:

  • Set up offline backups that intruders cannot tamper with. Make sure you can quickly access them in an emergency when needed.
  • Install ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business, which shields computers and servers from ransomware and other types of malware, prevents exploits, and is compatible with pre-installed security solutions.
  • To minimize the likelihood of crypto-miners being launched, use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control; behavior analysis helps users to detect malicious activity quickly, while the vulnerability and patch manager protects devices from crypto-miners that exploit vulnerabilities.