Threat Category: Spam and Phishing | Page 2

Gaming-related threat landscape in 2023: desktop and mobile malware disguised as Minecraft, Roblox and other popular games, and the most widespread phishing schemes.

Scammers are camouflaging phishing links with QR codes and distributing them through email.

Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site.

Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work.

This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs.

In this crimeware report, Kaspersky researchers provide insights into the Conti-based LockBit Green variant, ransomware samples for macOS, FreeBSD, etc. and phishing campaigns targeting organizations.

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.

Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data.

This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware.

Attackers put phishing HTML files in IPFS thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns.

Statistics on spam and phishing with the key trends in 2022: two-stage spear phishing, hijacking of social network and instant messaging accounts, import substitution, and survey phishing.

Phishing in social networks and messengers, marketplace fraud, exploitation of Google Forms and other services: we uncover what’s trending among attackers in 2022

We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.

Mass spam mailing posing as customer email delivers the Agent Tesla stealer disguised as a document to corporate users.

Text-based fraud (419 scams, vishing, extortion, etc.) is still alive and well. Here, we describe cybercriminal techniques and present statistics.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Spam and Phishing

Gaming-related cyberthreats in 2023: Minecrafters targeted the most

QR codes in email phishing

Phishing with hacked sites

Email crypto phishing scams: stealing from hot and cold crypto wallets

How cybercrime is impacting SMBs in 2023

LockBit Green and phishing that targets organizations

What does ChatGPT know about phishing?

The Telegram phishing market

Financial cyberthreats in 2022

How scammers employ IPFS for email phishing

Spam and phishing in 2022

Main phishing and scamming trends and techniques

Cybersecurity threats: what awaits us in 2023?

Mass email campaign with a pinch of targeted spam

Text-based fraud: from 419 scams to vishing

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails