appsec.fyi · Sources

kaspersky.com

5 curated AppSec resources from kaspersky.com across 2 topics on appsec.fyi.

kaspersky.com

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-22.

Date Added Resource Excerpt
2026-06-22 2026Hackers hijacked Hola Browser for secret crypto miningSupply ChainWriteup of a supply chain attack that compromised Hola Browser (version 1.251.91.0) to secretly mine Monero cryptocurrency on user devices. The malicious `me{.}exe` file bypassed Microsoft Defender exclusions, disguised itself as `HolaMonitorService{.}exe`, and established a persistent background service, only activating when the computer was idle. The attack highlights the risks of software supply chain vulnerabilities and the importance of keeping applications updated.
2026-05-05 2026Kaspersky identifies ongoing supply chain attack on official Daemon Tools website distributing backdoor malwareSupply ChainAnalysis of a supply chain attack targeting Daemon Tools, which distributed backdoor malware via compromised installers disguised with valid digital certificates. The attack, affecting versions 12.5.0.2421 and later, granted threat actors arbitrary command execution and remote control capabilities by leveraging the software's elevated system privileges. Some targeted organizations also saw manual deployment of additional payloads like shellcode injectors and unknown RATs, with Chinese-language artifacts observed.
2026-05-05 2026Supply chain attack via DAEMON ToolsSupply ChainWriteup detailing a supply chain attack via DAEMON Tools, where attackers injected malicious code into installers for versions 12.5.0.2421 through 12.5.0.2434, specifically compromising DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This compromise led to the deployment of information gatherers, a backdoor, and the QUIC RAT implant, targeting thousands of users globally since April 8, 2026.
2026-04-16 2026Most Notable Supply Chain Attacks of 2025 - KasperskySupply ChainSurvey of notable supply chain attacks in 2025, detailing incidents including a RAT in DogWifTools, the US$1.5 billion Bybit heist via Safe{Wallet}, a GitHub Actions compromise targeting Coinbase, backdoors in 21 Magento extensions, ransomware distributed through an MSP exploiting SimpleHelp, injected malicious code in Gluestack npm packages, phishing attacks on npm package maintainers, and the s1ngularity attack on the Nx build system.
2026-04-03 2026Think Your Phone Camera Is Hacked? Heres How You Find OutMobileReference detailing how to detect phone camera hacking, typically occurring via spyware or Remote Access Trojans (RATs) installed through malicious apps or phishing links. Signs include unexpected camera indicator lights, "camera already in use" errors, unknown photos/videos, overheating, battery drain, and increased data usage. Attackers gain access through granted permissions, disguised apps, social engineering, physical access, or advanced zero-click exploits like Pegasus, enabling silent photo/video capture and live viewing.