OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI
Introduction Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI (the Python…
Category: securelist
Industrial threat report for Q4 2025
Statistics across all threats The percentage of ICS computers on which malicious objects were blocked has been decreasing since the beginning of 2024. In Q4…
ClipBanker Trojan masquerades as Proxifier software
At the start of the year, a certain Trojan caught our eye due to its incredibly long infection chain. In most cases, it kicks off…
An analysis of CrystalX commercial RAT with prankware features
Introduction In March 2026, we discovered an active campaign promoting previously unknown malware in private Telegram chats. The Trojan was offered as a MaaS (malware‑as‑a‑service) with…
Kaspersky Global Report by Kaspersky Security Services 2026
Kaspersky Security Services provide a comprehensive cybersecurity ecosystem, taking enterprise threat protection to another level. Services like Kaspersky Managed Detection and Response and Compromise Assessment…
![Fake CAPTCHA page at the URL https://evs.grupotuis[.]buzz/0capcha17/](https://image.cybernoz.com/wp-content/uploads/2026/03/How-we-uncovered-a-Horabot-campaign-and-how-you-can-468x340.png)
How we uncovered a Horabot campaign and how you can detect this malware
Introduction In this installment of our SOC Files series, we will walk you through a targeted campaign that our MDR team identified and hunted down…
eScan supply chain attack: what you should know
UPD 30.01.2026: Added technical details about the attack chain and more IoCs. On January 20, a supply chain attack has occurred, with the infected software…
Active malicious campaign with the RenEngine loader
We often describe cases of malware distribution under the guise of game cheats and pirated software. Sometimes such methods are used to spread complex malware…
The mobile threat landscape in 2025
Starting from the third quarter of 2025, we have updated our statistical methodology based on the Kaspersky Security Network. These changes affect all sections of…