Dmitry Kalinin

Featured in: Favicon

wiley.com

mdpi.com

onlinelibrary.wiley.com

Articles

Mamont banker under the guise of a tracking app

Dec 17, 2024 | kaspersky.com | Dmitry Kalinin

We’ve discovered a new scheme of distribution of the Mamont (Russian for mammoth) Trojan banker. Scammers promise to deliver a certain product at wholesale prices that may be considered interesting to small businesses as well as private buyers, and offer to install an Android application to track the package. However, instead of a tracking utility, the victim installs a Trojan that can steal banking credentials, push notifications, and other financial information.
How machine learning helps us hunt threats

Oct 2, 2024 | securelist.com | Mohamad Amin Hasbini |Anna Larkina |Flavio Negrini |Dmitry Kalinin

IntroductionIn the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks before they cause significant damage. However, the sheer volume and complexity of logs often make them challenging to analyze effectively.
Key Group uses leaked builders of ransomware and wipers

Oct 1, 2024 | securelist.com | Anna Larkina |Flavio Negrini |Dmitry Kalinin |Anna Pavlovskaya

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ideological note during an attack on a Russian user, in which they did not demand money.
Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods

Sep 23, 2024 | securelist.com | Dmitry Kalinin |Artem Ushkov |Sherif Magdy |Fedor Sinitsyn

IntroductionWe sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don’t have. Unfortunately, it’s not uncommon for popular mods to contain malware. This often happens because they’re distributed on unofficial websites that don’t have any moderation.
Necro Trojan infects 11 million Android devices

Sep 22, 2024 | kaspersky.co.uk | Dmitry Kalinin |Alanna Titterington

Here at Kaspersky Daily we’re forever urging readers of our blog to be real careful when downloading content to their devices. After all, even Google Play isn’t immune to malware — let alone unofficial sources with mods and hacked versions. For as long as the digital world keeps turning, Trojans will continue to worm their way onto devices that don’t have reliable protection. Today we tell the story of how 11 million Android users worldwide fell victim to the Necro Trojan.
EastWind campaign distributes CloudSorcerer and two APT tools

Aug 14, 2024 | securelist.com | Dmitry Kalinin |Tatyana Shishkova |Igor Golovin |Roman Dedenok

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service.
LianSpy: Android spyware leveraging Yandex Disk as C2

Aug 5, 2024 | securelist.com | Dmitry Kalinin |Tatyana Shishkova |Igor Golovin |Roman Dedenok

In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications.
Financial threat report 2023: phishing, PC and mobile malware

May 6, 2024 | securelist.com | Andrey Gunkin |Alexander Fedotov |Natalya Shornikova |Dmitry Kalinin

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones.
Black Friday threat report 2023

Nov 20, 2023 | securelist.com | Dmitry Kalinin |Seongsu Park |Dmitry Galov |Dan Demeter

As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearly a 10% increase compared to the previous year.
Ducktail malware spreading through fake clothing job ads

Nov 10, 2023 | securelist.com | Dmitry Kalinin |Seongsu Park |Leonid Bezvershenko |Georgy Kucherin

Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. Kaspersky Daily Iran, WithSecure, and GridinSoft have all covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies’ and brands’ projects and products. The group behind the Ducktail attacks presumably hails from Vietnam.