
Kaspersky uncovers new cross-platform threats in latest crimeware report

December 13, 2023

Woburn, MA – December 13, 2023 – Kaspersky's Global Research and Analysis Team (GReAT) has uncovered the emergence of three new cross-platform threats. The company’s latest crimeware report reveals new strategies being employed by cybercriminals using FakeSG, Akira ransomware, and the AMOS macOS stealer.

The contemporary crimeware landscape is marked by constant evolution, as cybercriminals deploy sophisticated tactics across various platforms to exploit victims. Kaspersky experts analyze various threats, including cross-platform ransomware, macOS stealers, and malware distribution campaigns.

GReAT recently discovered FakeSG, which compromises legitimate websites to display deceptive browser update notifications. Clicking on these notifications triggers the download of a harmful file, and despite changing URLs, the path (/cdn/wds.min.php) remains constant. The downloaded file runs hidden scripts, prompting users to update their browsers, while establishing persistence through scheduled tasks. Within the archive, a malicious configuration file exposes the Command and Control (C2) address, highlighting the sophistication of this campaign.


Example of a FakeSG landing page
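
Because the hosting site changes while the path stays fixed, a hunt over web proxy logs can key on the normalized URL path rather than the domain. The following is an added example, not taken from Kaspersky's report; the log format, hostnames and client addresses are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

FAKESG_PATH = "/cdn/wds.min.php"  # constant path stated in the press release

# Constructed sample proxy log: "<timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2023-12-01T09:14:02Z 10.0.4.17 GET https://blog.example.org/cdn/wds.min.php?v=3
2023-12-01T09:14:05Z 10.0.4.17 GET https://cdn.example.net/assets/app.min.js
2023-12-01T10:02:41Z 10.0.7.88 GET http://shop.example.com//CDN/./wds%2Emin.php
2023-12-02T16:30:11Z 10.0.4.17 GET https://news.example.io/cdn/wds.min.php
2023-12-02T16:31:00Z 10.0.9.3 GET https://site.example.org/cdn/wds.min.php.bak
"""


def normalized_path(url):
    """Return the URL path percent-decoded, lower-cased, with // and ./ collapsed.

    Lower-casing is a hunting assumption: it trades a few false positives
    for not missing hits on case-insensitive web servers.
    """
    path = unquote(urlsplit(url).path).lower()
    path = re.sub(r"/{2,}", "/", path)  # normpath would keep a leading "//"
    return posixpath.normpath(path) if path else "/"


def hunt(log_text):
    """Map each client to the set of hosts it requested the FakeSG path from."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines instead of failing the whole hunt
        _ts, client, _method, url = fields
        if normalized_path(url) == FAKESG_PATH:
            hits[client].add(urlsplit(url).hostname)
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in sorted(hunt(SAMPLE_LOG).items()):
        print(client, sorted(hosts))
```

A client that appears with several unrelated hosts, or any hit followed by a new scheduled task on that endpoint, is the case to triage first.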


Akira, a new ransomware variant affecting both Windows and Linux systems, has swiftly infected more than 60 organizations globally, targeting retail, consumer goods, and education organizations. Its adaptability to work across platforms enables its broad impact on diverse industries. Sharing traits with Conti, such as an identical folder exclusion list, Akira features a distinctive Command and Control (C2) panel with an old-school minimalistic design, fortifying against analysis attempts.

The AMOS macOS stealer surfaced in April 2023 and initially sold for $1,000/month on Telegram. It evolved from Go to C, deploying malvertising on cloned software sites. It infiltrates macOS systems, retrieving and compressing user data for transmission to the Command and Control server, utilizing a unique UUID for identification. This reflects a growing trend of macOS-specific stealers exploiting potential vulnerabilities, deviating from stealers’ traditional association with Windows platforms.



Malware installation instructions

“Adapting to the dynamic landscape of cyber threats is paramount to safeguarding our digital environments,” said Jornt van der Wiel, senior security researcher at GReAT. “The emergence of this new crimeware, coupled with the non-standard methods cybercriminals employ across diverse operating systems, underscores the urgency for vigilance and innovation in detection. Staying one step ahead requires a collective effort, emphasizing the crucial role of continuous research and collaboration to fortify our defenses against evolving cyber threats.”

To read the full report, please visit Securelist.com.

In order to prevent financially motivated threats, Kaspersky recommends:

  • Set up offline backups that intruders cannot tamper with. Make sure you can quickly access them in an emergency when needed.
  • Install ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business, which shields computers and servers from ransomware and other types of malware, prevents exploits, and is compatible with pre-installed security solutions.
  • To minimize the likelihood of crypto-miners being launched, use a dedicated security solution such as Kaspersky Endpoint Security for Business with application and web control; behavior analysis helps users to detect malicious activity quickly, while the vulnerability and patch manager protects devices from crypto-miners that exploit vulnerabilities.

 

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact

Sawyer Van Horn

sawyer.vanhorn@Kaspersky.com

(781) 503-1866
