A laughing RAT: CrystalX combines spyware, stealer, and prankware features
Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.
Kaspersky Securelist
13 articles
An AI gateway designed to steal your data
Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to pro...
Coruna: the framework used in Operation Triangulation
Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an...
Anatomy of a Cyber World Global Report 2026
The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also in...
The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
Kaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for thi...
Free real estate: GoPix, the banking Trojan living off your memory
Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files f...
BeatBanker: A dual‑mode Android Trojan
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of bot...
Exploits and vulnerabilities in Q4 2025
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 ...
Mobile malware evolution in 2025
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet...
Arkanix Stealer: a C++ & Python infostealer
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted wide range of data, was distri...
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also reve...
The game is over: when “free” comes at too high a price. What we know about RenEngine
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in...
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lu...