GReAT

Global Research & Analysis Team, Kaspersky

14 articles

250,000 misconfigurations in GitHub Actions

Potential Threat: misconfigurations in GitHub Actions

A GReAT study has identified ~250,000 potential security issues in publicly accessible GitHub Actions.

Argamal RAT: attackers distributing a remote access Trojan through hentai games

Hentai games with a nasty twist

Looking for a hentai game, but ended up with malware? Attackers are hiding the Argamal remote access Trojan inside hentai games, and distributing it through dedicated websites and torrent trackers. We break down how this malware works, why it’s dangerous, and how to keep your computer from becoming a goldmine for blackmailers.

Study on the Wi-Fi security situation in Mexico

Is Wi-Fi safe in Mexico?

Our experts took a road trip through Mexico ahead of the World Cup to test whether it’s safe to connect to public Wi-Fi access points in major cities.

prankware-crystalx-rat-maas

CrystalX RAT can flip your screen and steal your crypto

The new CrystalX remote access Trojan looks like the prank viruses of the 90s on the surface, but it causes a lot more damage. It spies on all that’s happening on your computer, steals cryptocurrency and accounts, and gives the attacker full control over your device. We break down how it works, and how to avoid becoming a victim.

BeatBanker and BTMOB trojans: infection techniques and how to stay safe

Android trojan posing as government services and Starlink apps

We break down the BeatBanker trojan attack, which combines espionage, crypto theft, and mining with inventive ways to dig its heels into a smartphone.

CVE-2026-3102: macOS ExifTool image-processing vulnerability

The ExifTool vulnerability: how an image can infect macOS systems

An in-depth analysis of CVE-2026-3102, a vulnerability posing a potential threat to anyone processing images on a Mac.

Vulnerability in the Rubetek Home smart-home app

Not-so-smart home

Our experts at GReAT have uncovered a dangerous vulnerability in a smart-home control app that allowed attackers to disable physical security systems.

CVE-2025-2783 in Operation ForumTroll APT attack

Operation ForumTroll: APT attack via zero-day vulnerability

Our technologies have helped to detect the zero-day vulnerability CVE-2025-2783 in Google Chrome, which was used in a sophisticated APT attack.

Cybercriminals are distributing a miner disguised as a restriction-bypassing tool

Miner inconvenience: how cybercriminals blackmail YouTubers into promoting malware

Cybercriminals are blackmailing YouTube bloggers into posting malware links in their video descriptions.

Malicious code in fake GitHub repositories

Malicious code on GitHub: How hackers target programmers

We discovered over 200 repositories with fake projects on GitHub. Using them, attackers distribute stealers, clippers, and backdoors.

XMRig miner attacks corporate users

XMRig miner as a New Year’s gift

Just a few hours before 2025, we recorded a surge in cryptominer distribution through video games. Interestingly, not only home PCs but also corporate machines were affected.

New Tria stealer intercepts text messages on Android

Beware of stealers disguised as… wedding invitations

Attackers are pumping out fake wedding invitations containing malicious APKs to Android users. To find out how to guard against this new threat, read on.

Packages with infostealer found in PyPI repository

JarkaStealer in PyPI repository

Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.

Use of allowlists is not enough

Security should be multilayered, and use of allowlists is appropriate as one of the security levels.