Kaspersky
Coverage of Kaspersky in the Nexus archive.
- ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
ToddyCat, a threat actor, has been linked to Umbrij malware that exploits OAuth to access Gmail via Google API, targeting corporate email compromises. Kaspersky reported that attackers focused on breaching Gmail communications through API access.
- SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are using the ScreenConnect remote access tool to deploy AsyncRAT via spoofed websites. Kaspersky reports a 'massive, multi-domain, multi-language' campaign distributing malicious installers disguised as popular software like OBS Studio and Bandicam.
- New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A new malware family called SharkLoader is being used to deploy Cobalt Strike Beacon in cyberattacks tracked as StrikeShark. The campaign has targeted a diplomatic organization in Indonesia and government organizations in Taiwan.
- WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
A WhatsApp campaign is distributing malicious VBScript files that install the ManageEngine RMM tool, according to Kaspersky. The attack targets WhatsApp Desktop and Web users in Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, and Australia.
- Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
Russia's Federal Security Service (FSB) alleges that foreign intelligence agencies implanted malware on smartphones of senior Russian officials to steal data and conduct surveillance. The FSB has initiated a criminal investigation but has not provided evidence or details about the malware, affected officials, or the responsible agency. Previous accusations by the FSB include a 2023 claim about US National Security Agency (NSA) compromising iPhones, which was linked to Kaspersky's 'Operation Triangulation' campaign.
- Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
Pro-Ukraine BO Team and Head Mare hackers are teaming up to launch attacks against Russia, with researchers identifying overlapping infrastructure and tools used by both groups. The coordination suggests a joint effort in their cyberattacks. Researchers at Kaspersky made this discovery.
- 60% of MD5 password hashes are crackable in under an hour
Researchers at Kaspersky found that 60% of MD5 password hashes can be cracked in under an hour using a single GPU, highlighting the vulnerability of passwords protected by fast hashing algorithms. This is due to password predictability and the increasing power of graphics processors. The study analyzed over 231 million unique passwords and found that passwords are actually easier to crack in 2026 than they were a couple of years ago.
- PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers discovered three packages on the Python Package Index repository that deliver ZiChatBot malware on Windows and Linux systems. The packages implement described features but covertly deliver malicious files. Kaspersky reported the findings.
- Hackers compromise Daemon Tools in global supply-chain attack, researchers say
Hackers compromised Daemon Tools by tampering with installers and distributing them through the software's official website, according to researchers at Kaspersky. This is a global supply-chain attack affecting a popular program used to mount disk images as virtual drives. The attackers distributed the compromised installers through the official Daemon Tools website.
- Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools, a widely used disk imaging app, has been compromised in a month-long supply-chain attack, pushing malicious updates to thousands of machines worldwide. The infected versions, ranging from 12.5.0.2421 to 12.5.0.2434, collect system information and send it to an attacker-controlled server. The attack targets select groups, including retail, scientific, government, and manufacturing organizations.
- DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A supply chain attack has compromised DAEMON Tools software installers with malware, distributing it from the official website and signed with legitimate digital certificates. The attack was identified by Kaspersky researchers. The malicious payload is served through compromised installers.
- Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
Kaspersky has detected a widespread attack where Chinese hackers planted a backdoor into Daemon Tools, resulting in thousands of infection attempts and at least a dozen successful hacks. The malicious versions of the popular Windows software were installed by users. This attack has compromised the security of many systems.
- Researchers report Amazon SES abused in phishing to evade detection
Amazon Simple Email Service is being abused to send phishing emails that can bypass standard security filters. Cybersecurity firm Kaspersky reports the abuse, which renders reputation-based blocks ineffective. The phishing emails are convincing and increasingly used.
- 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
Cybersecurity researchers have identified 26 malicious apps on the Apple App Store that mimic legitimate cryptocurrency wallets to steal recovery phrases and private keys. These apps, active since fall 2025, trick users into downloading trojanized versions of authentic wallets via fake App Store redirects.
- Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers discovered a new data wiper malware, Lotus Wiper, used in destructive attacks targeting Venezuela's energy and utilities sector between late 2025 and early 2026. The malware, identified by Kaspersky, employs batch scripts to initiate file deletion campaigns.