Joan Calvet

In this blog we describe a sophisticated backdoor, called Dino by its creators. We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware.

In this post, we lift the veil on Casper - another piece of software that we believe to have been created by the same organization that is behind Babar and Bunny.

The Sednit espionage group, also known as the Sofacy group, APT28 or “Fancy Bear”, has been targeting various institutions for many years. We recently discovered a component the group employed to reach physically isolated computer networks -- “air-gapped” networks -- and exfiltrate sensitive files from them through removable drives.

In this post, we examine the complex it fits into a larger click fraud ecosystem, where users can be redirected either automatically, or through search engines browsing, to advertisement websites.

This is the first in a series of two blog posts on the malware family Win32/Boaxxe.BE whose end goal is to drive traffic to advertisement websites by using various click fraud techniques, and thus earn money from these websites as an “advertiser”.

In this blog post, we will describe software detected by ESET products as Win32/Kankan, and explain why its discovery shocked many Chinese users, then we will provide an in-depth analysis of its functionalities - and discuss the evidence that Xunlei Networking Technologies is implicated.