Latest news with #Kaspersky


Biz Bahrain
9 hours ago
Kaspersky: ChatGPT-Mimicking Cyberthreats Surge 115% in Early 2025, SMBs Increasingly Targeted
In 2025, nearly 8,500 users from small and medium-sized businesses (SMBs) faced cyberattacks where malicious or unwanted software was disguised as popular online productivity tools, Kaspersky reports. Based on the unique malicious and unwanted files observed, the most common lures included Zoom and Microsoft Office, with newer AI-based services like ChatGPT and DeepSeek being increasingly exploited by attackers. Kaspersky has released threat analysis and mitigation strategies to help SMBs respond.

Kaspersky analysts explored how frequently malicious and unwanted software is disguised as legitimate applications commonly used by SMBs, using a sample of 12 online productivity apps. In total, Kaspersky observed more than 4,000 unique malicious and unwanted files disguised as popular apps in 2025.

With the growing popularity of AI services, cybercriminals are increasingly disguising malware as AI tools. The number of cyberthreats mimicking ChatGPT increased by 115% in the first four months of 2025 compared to the same period last year, reaching 177 unique malicious and unwanted files. Another popular AI tool, DeepSeek, accounted for 83 files. This large language model, launched in 2025, immediately appeared on the list of impersonated tools.

'Interestingly, threat actors are rather picky in choosing an AI tool as bait. For example, no malicious files mimicking Perplexity were observed. The likelihood that an attacker will use a tool as a disguise for malware or other types of unwanted software directly depends on the service's popularity and hype around it. The more publicity and conversation there is around a tool, the more likely a user will come across a fake package on the internet. To be on the safe side, SMB employees – as well as regular users – should exercise caution when looking for software on the internet or coming across too-good-to-be-true subscription deals. Always check the correct spelling of the website and links in suspicious emails. In many cases these links may turn out to be phishing or a link that downloads malicious or potentially unwanted software', says Vasily Kolesnikov, security expert at Kaspersky.

Another cybercriminal tactic to look for in 2025 is the growing use of collaboration platform brands to trick users into downloading or launching malware. The number of malicious and unwanted software files disguised as Zoom increased by nearly 13% in 2025, reaching 1,652, while such names as 'Microsoft Teams' and 'Google Drive' saw increases of 100% and 12%, respectively, with 206 and 132 cases. This pattern likely reflects the normalization of remote work and geographically distributed teams, which has made these platforms integral to business operations across industries.

Among the analyzed sample, the highest number of files mimicked Zoom, accounting for nearly 41% of all unique files detected. Microsoft Office applications remained frequent targets for impersonation: Outlook and PowerPoint each accounted for 16%, Excel for nearly 12%, while Word and Teams made up 9% and 5%, respectively.

[Figure: Share of unique files with names mimicking the popular legitimate applications in 2024 and 2025]

The top threats targeting small and medium businesses in 2025 included downloaders, trojans and adware.

Phishing and Spam

Apart from malware threats, Kaspersky continues to observe a wide range of phishing and scam schemes targeting SMBs. Attackers aim to steal login credentials for various services — from delivery platforms to banking systems — or manipulate victims into sending them money through deceptive tactics. One example is a phishing attempt targeting Google Accounts. Attackers promise potential victims increased sales from advertising their company on X, with the ultimate goal of stealing their credentials.

Beyond phishing, SMBs are flooded with spam emails. Not surprisingly, AI has also made its way into the spam folder — for example, with offers for automating various business processes. In general, Kaspersky observes phishing and spam offers crafted to reflect the typical needs of small businesses, promising attractive deals on email marketing or loans, offering services such as reputation management, content creation, or lead generation, and more.

Learn more about the cyber threat landscape for SMBs on Securelist.

To mitigate threats targeting businesses, their owners and employees are advised to implement the following measures:

● Use specialized cybersecurity solutions that provide visibility and control over cloud services (e.g., Kaspersky Next).
● Define access rules for corporate resources such as email accounts, shared folders, and online documents.
● Regularly back up important data.
● Establish clear guidelines for using external services. Create well-defined procedures for implementing new software with the involvement of IT and other responsible managers.


Business Recorder
12 hours ago
Streaming services: Over 7m compromised accounts identified
ISLAMABAD: A leading cybersecurity company identified over seven million compromised accounts belonging to streaming services like Netflix, Disney+, Amazon Prime Video and others. According to a new Kaspersky report issued on Friday, the company has launched 'Case 404', an interactive cyber-detective game that helps Gen Z recognize hidden dangers and learn how to protect their digital lives, to raise awareness and build digital resilience.

Kaspersky Digital Footprint Intelligence team analyzed compromised credentials and uncovered 7,035,236 cases in 2024. These weren't stolen directly from the platforms themselves but were collected as part of broader credential theft campaigns.

Netflix leads both in popularity and in exposure, with 5,632,694 compromised accounts detected. Brazil had the highest number of exposed Netflix credentials in 2024, followed by Mexico and India. Kaspersky experts detected 680,850 Disney+ accounts in leaked data sets. Again, Brazil stood out as the country with the most breached accounts, followed by Mexico and Germany. Amazon Prime Video, though smaller in volume with 1,607 compromised accounts, still plays a significant role, especially among Gen Z viewers looking for more subversive or edgy narratives.

Once a device is infected, cybercriminals don't stop at the streaming app. Malware collects sensitive data — account credentials, cookies, bank card details — which are then sold or leaked on underground forums. Sometimes, attackers give this data away just to build their reputation. These forums are active, fast-moving, and accessible to a wide range of malicious actors. What begins as a compromised Netflix password can quickly snowball into broader digital intrusion, identity theft, or financial fraud, especially if the same credentials are reused across services, the report said.

To watch favourite shows safely, Kaspersky recommended changing passwords for the potentially compromised accounts and ensuring there has been no suspicious activity associated with these accounts. Always use a legitimate, paid subscription when accessing streaming services and ensure you're using apps from official marketplaces or the official websites. Use a reliable security solution, like Kaspersky Premium, to detect malicious attachments that could compromise your data. Ensure secure browsing and safe messaging with Kaspersky VPN, protecting your IP address and preventing data leaks, the report added.

Copyright Business Recorder, 2025


Business Recorder
a day ago
Cybersecurity company identifies over 7mn 'compromised accounts' belonging to Netflix, Prime, others
ISLAMABAD: Cybersecurity company Kaspersky has identified over 7 million compromised accounts belonging to streaming services like Netflix, Disney+, Amazon Prime Video and others. In its latest report issued on Friday, the company said its Digital Footprint Intelligence team had analysed 'compromised credentials' and uncovered 7,035,236 cases in 2024. These weren't stolen directly from the platforms themselves but were collected as part of broader credential theft campaigns, according to the report.

Netflix leads both in popularity and in exposure, with 5,632,694 compromised accounts detected. Brazil had the highest number of exposed Netflix credentials in 2024, followed by Mexico and India. Kaspersky experts detected 680,850 Disney+ accounts in leaked data sets. Again, Brazil stood out as the country with the most breached accounts, followed by Mexico and Germany. Amazon Prime Video, though smaller in volume with 1,607 compromised accounts, still plays a significant role, especially among Gen Z viewers looking for more subversive or edgy narratives.

Once a device is infected, cybercriminals don't stop at the streaming app. Malware collects sensitive data — account credentials, cookies, bank card details — which are then sold or leaked on underground forums. Sometimes, attackers give this data away just to build their reputation. These forums are active, fast-moving, and accessible to a wide range of malicious actors. What begins as a compromised Netflix password can quickly snowball into broader digital intrusion, identity theft, or financial fraud, especially if the same credentials are reused across services, the report said.

To watch favorite shows safely, Kaspersky recommended changing passwords for the potentially compromised accounts and ensuring there has been no suspicious activity associated with these accounts. Always use a legitimate, paid subscription when accessing streaming services and ensure you're using apps from official marketplaces or the official websites. Use a reliable security solution, like Kaspersky Premium, to detect malicious attachments that could compromise your data. Ensure secure browsing and safe messaging with Kaspersky VPN, protecting your IP address and preventing data leaks, the report recommended.


Entrepreneur
a day ago
Rising Cybersecurity Demand Drives Kaspersky's India Business Up 24%
Building on this momentum, Kaspersky has significantly strengthened its presence in India by tripling its local headcount over the past two years

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Kaspersky, a leading provider of cybersecurity and data privacy, recorded a 24 per cent year-over-year (YoY) increase in total product sales in India during 2024, driven by strong demand for cyber security solutions in the country. The B2B segment grew 20 per cent, while the B2C segment saw an impressive 30 per cent growth. Notably, Kaspersky Threat Data Feeds, the company's threat intelligence solution designed for large enterprises and SMBs, experienced a YoY growth of over 209 per cent. Additionally, the Endpoint Detection and Response (EDR) Optimum variant recorded a 44 YoY increase.

Jaydeep Singh, General Manager for India at Kaspersky, said, "The Indian cybersecurity market is one of the top performing markets for Kaspersky in South Asia. We have shown an impressive growth rate across all our target product groups for the country. This signals the fact that Indian users, both in the B2B and B2C segments, are aware of the threat incidents and are willing to take solid cybersecurity measures to protect themselves. This is also underscored by the cybersecurity and digital safety initiatives being taken by the Indian government."

"The measures around cyber threat awareness, the DPDP Act and the RBI guidelines for cybersecurity have also helped the users in India understand the critical need for intelligence-led cybersecurity. This has helped us to grow in the market and we are ready to continue this momentum in 2025," he added.

Building on this momentum, Kaspersky has significantly strengthened its presence in India by tripling its local headcount over the past two years. The company now operates with a growing team focused on expanding its capabilities across sales, pre-sales, technical support, and customer experience.

India is also emerging as a key innovation and intelligence hub for Kaspersky, with regional researchers monitoring over 900 advanced persistent threat (APT) groups daily as part of its global threat tracking infrastructure. Additionally, the India team contributes to digital footprint intelligence (DFI) operations, including brand protection and takedown services, which are increasingly in demand across the region.

These investments are part of Kaspersky's strategy to capitalize on India's cybersecurity potential and address the rising volume of threats targeting enterprises and individuals. In 2024 alone, the company saw strong double-digit growth in India, reinforcing its position as a high-priority market within the Asia Pacific region.

The year of 2024 also marked the presentation of the company's new flagship product line, Kaspersky Next. The portfolio combines robust endpoint protection with the transparency and speed of EDR (Endpoint Detection and Response) alongside the visibility and powerful tools of XDR (Extended Detection and Response), giving a further boost to the company's B2B ecosystem sales.


Indian Express
2 days ago
This malware steals screenshots from your device: Everything to know about SparkKitty
A newly identified mobile malware named SparkKitty is targeting smartphone users through fake applications, stealing images from their photo galleries, including screenshots. These screenshots could likely contain cryptocurrency wallet recovery phrases or other sensitive details. The Trojan has been detected on Android and iOS platforms, and experts warn it poses a serious risk to the growing number of people managing digital assets on their phones.

SparkKitty is classified as a Trojan virus, meaning it disguises itself as a genuine app but performs harmful actions in the background. Security researchers have found that it embeds itself in various fake apps, including crypto converters, messaging apps, and unofficial versions of the social media app TikTok. Some of these apps were even listed on official app stores before being taken down.

SparkKitty appears to be a mobile version of an earlier malware known as SparkCat, which targeted macOS and Windows systems a few years ago. Researchers at Securelist, a research wing of Kaspersky, found notable overlaps between the two pieces of malware, suggesting a shift in attackers' tactics toward smartphones as users increasingly rely on them to store and manage financial information.

Once a user installs a fake app with SparkKitty embedded, it requests access to the phone's photo gallery. On Android, it scans all images using built-in tools to detect text within screenshots, especially those showing wallet recovery phrases or QR codes. On iPhones, the malware uses common coding libraries to bypass system restrictions and access stored photos and device information, as reported by cybersecurity firm Kaspersky, which originally discovered the virus.

The primary purpose of SparkKitty is to gain control of users' cryptocurrency wallets. Many people store their wallet seed phrases (phrases that store all the information needed to recover Bitcoin funds) as screenshots for convenience, unaware that these unprotected images can be easily accessed by malware. Once these images are stolen, attackers can use the information to recover the wallets and transfer out the funds without the user's knowledge.

Although the malware has mainly been found targeting users in Southeast Asia and China, cybersecurity experts caution that its distribution methods could allow it to spread globally. SparkKitty has been circulated through both official platforms, like the Play Store and App Store, and unofficial sources that offer pirated applications. Its use of misleading app names, convincing icons, and fake user reviews makes it difficult for average users to identify the threat.

To stay protected from SparkKitty and similar threats, users are advised not to store sensitive information like bank account details, passwords, and recovery information as screenshots. Instead, security experts recommend writing them down and storing them securely offline. Apps should only be granted access to photos when absolutely necessary, and users should regularly review their app permissions. Suspicious apps, even those downloaded from your phone's official app store, should be removed, and devices should be kept updated with the latest security patches. Tools like Google Play Protect or reputable mobile antivirus software can also help detect malicious activity.

(This article has been curated by Arfan Jeelany, who is an intern with The Indian Express)