kaspersky.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-22.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-22 2026 | Hackers hijacked Hola Browser for secret crypto miningSupply Chain | Hackers compromised the Hola Browser, a free VPN and adblocker, to secretly mine cryptocurrency on users' devices. This malicious activity went undetected for an extended period, exploiting users' processing power without their consent. The breach highlights a significant security risk for users of the affected browser, as their personal devices were essentially turned into crypto-mining farms for the attackers. |
| 2026-05-05 2026 | Kaspersky identifies ongoing supply chain attack on official Daemon Tools website distributing backdoor malwareSupply Chain | Analysis of a supply chain attack targeting Daemon Tools, which distributed backdoor malware via compromised installers disguised with valid digital certificates. The attack, affecting versions 12.5.0.2421 and later, granted threat actors arbitrary command execution and remote control capabilities by leveraging the software's elevated system privileges. Some targeted organizations also saw manual deployment of additional payloads like shellcode injectors and unknown RATs, with Chinese-language artifacts observed. |
| 2026-05-05 2026 | Supply chain attack via DAEMON ToolsSupply Chain | Writeup detailing a supply chain attack via DAEMON Tools, where attackers injected malicious code into installers for versions 12.5.0.2421 through 12.5.0.2434, specifically compromising DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This compromise led to the deployment of information gatherers, a backdoor, and the QUIC RAT implant, targeting thousands of users globally since April 8, 2026. |
| 2026-04-16 2026 | Most Notable Supply Chain Attacks of 2025 - KasperskySupply Chain | Survey of notable supply chain attacks in 2025, detailing incidents including a RAT in DogWifTools, the US$1.5 billion Bybit heist via Safe{Wallet}, a GitHub Actions compromise targeting Coinbase, backdoors in 21 Magento extensions, ransomware distributed through an MSP exploiting SimpleHelp, injected malicious code in Gluestack npm packages, phishing attacks on npm package maintainers, and the s1ngularity attack on the Nx build system. |
| 2026-04-03 2026 | Think Your Phone Camera Is Hacked? Heres How You Find OutMobile | Reference detailing how to detect phone camera hacking, typically occurring via spyware or Remote Access Trojans (RATs) installed through malicious apps or phishing links. Signs include unexpected camera indicator lights, "camera already in use" errors, unknown photos/videos, overheating, battery drain, and increased data usage. Attackers gain access through granted permissions, disguised apps, social engineering, physical access, or advanced zero-click exploits like Pegasus, enabling silent photo/video capture and live viewing. |