#kaspersky
13 articles
This archive collects 14 articles tagged kaspersky published between April 16, 2026 and July 17, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include CrystalX, GoSerpent, and HelloNet, presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize finance, education, and energy across Global, Russia, and Southeast asia, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 1 critical, and 11 high reports.
HIGHGoSerpent Backdoor Evolves in Targeted Attacks on Southeast Asian
Kaspersky details the GoSerpent backdoor, active since 2021, targeting government entities in Southeast Asia with a 2026 variant that uses encrypted C2, SOCKS5 proxying, and...
HIGHHelloNet Campaign Hijacks ViPNet Update System to Deploy Malicious
Kaspersky details HelloNet APT campaign targeting Russian government, energy, and transport sectors via ViPNet update system DLL sideloading since May 2026.
HIGHOkoBot: New Sophisticated Malware Framework Targets Cryptocurrency
Kaspersky GReAT dissects OkoBot, a multi-stage framework using SSH tunnels and over 20 payloads to steal cryptocurrency wallet seed phrases, browser data, and credentials.

Industrial ICS Threat Rates Hit Three-Year Low in Q1 2026
Kaspersky ICS CERT reports 19.6% of ICS computers blocked malware in Q1 2026, the lowest rate since Q2 2023.

Kaspersky: 60% of Incidents Missed by Automated Security Tools
Kaspersky Compromise Assessment 2025 findings: 60% of incidents lacked high-confidence alerts; 30.8% of threats persisted over 3 months; 40% of web shells hid in backups.
HIGHWhatsApp VBScript Campaign Delivers RMM Remote Access Malware
Kaspersky details an active global campaign distributing VBS files via WhatsApp that installs UEMS RMM software, enabling persistent remote access across 12 countries including...
HIGHOceanLotus APT Uses PyPI Packages to Deliver ZiChatBot Malware
Kaspersky attributes a PyPI supply chain campaign to OceanLotus APT, using fake wheel packages to drop ZiChatBot malware that abuses Zulip chat APIs for C2 on Windows and Linux.
HIGHZiChatBot Malware Spreads via PyPI Packages Using Zulip C2
Three PyPI packages deliver ZiChatBot malware on Windows and Linux using Zulip chat APIs for stealthy C2 — Kaspersky identifies 12+ victim organizations globally.
HIGHCrystalX RAT Combines Spyware, Stealer, and Prankware in MaaS Offering
Kaspersky details CrystalX RAT, a MaaS malware with spyware, credential theft, and prankware features targeting Windows users globally since mid-2025.
HIGHKaspersky: Financial Cyber Threats Surged 15% in 2025
Kaspersky reports a 15% year-over-year increase in financial cyber threats in 2025, with infostealers and phishing dominating. Android banking malware rose 20% in Latin America.
HIGH26 Fake Crypto Wallet Apps on Apple App Store Steal Seed Phrases
Kaspersky found 26 malicious apps on the Apple App Store since fall 2025 that impersonate wallets like MetaMask and Coinbase to steal recovery phrases and private keys via…
CRITICALLotus Wiper Strikes Venezuelan Energy Sector in Destructive Campaign
Kaspersky discovered Lotus Wiper, a novel file wiper targeting Venezuela's energy and utilities sector since late 2025.
HIGHIndustrial Control Systems Face Rising Malware, USB Threats in Q4 2025
Kaspersky data shows malware blocked on 33.3% of industrial control system computers in Q4 2025, with internet threats and removable media as top infection vectors. The share of systems facing USB-borne threats grew to 4.1%.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.