According to Kaspersky Security Network data for corporate users in South Africa, in Q2 2022 the number of users affected by Trojan Spies – spyware able to secretly harvest victim’s credentials – decreased compared to the previous quarter.
Kenya and Nigeria saw slight increases in this threat. Security operations centers in organisations remain on alert with various cybercriminal groups continuing their activity across regions.
Spyware is a type of malware that is used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.).
The collected information is then transmitted to the malicious user controlling the spyware through email, the web and other methods.
Spyware can be installed on any device – desktops or laptops, servers and mobile devices and masked as regular apps for unnoticed operation. Spyware is used for espionage – to collect banking card credentials, passwords and other valuable data.
In 2021, Kaspersky experts identified the PseudoManuscrypt spyware module targeting many industrial and government organisations. It collected VPN connection data, logged keypresses, captured screenshots and videos of the screen, recorded sound with the microphone and stole clipboard data and operating system event log data. Industrial espionage was one of the possible objectives of the campaign. Other spyware threats monitored by Kaspersky experts include such known cases as Pegasus, Chrysaor, FinSpy, CoolWebSearch, Gator.
Dynamics of users affected by Trojan Spies in the African regions were multidirectional. In South Africa, the number of users affected by Trojan Spies in Q2 decreased by 21% in comparison with Q1. In Nigeria the number of affected users increased by 12%.
In Kenya, the number of users affected by spyware remained almost unchanged with a 1% increase.
“Spyware remains one of the most popular types of malware, enabling corporate espionage or intellectual property theft. It is often used in a targeted manner, with corporate networks getting infiltrated for information collection. It is common that spyware can lead to loss of some corporate data from a device of one of the employees, but it is far more likely that the compromised employee will be used as an entry-point into the corporate network, which contains more information,” comments Emad Haffar, Head of Technical Experts, META region at Kaspersky. “One of the key characteristics of spyware is evasiveness – a competent Security Operations Center together with advanced cybersecurity solutions are required to mitigate this threat. Kaspersky Endpoint Security for Business and Kaspersky Anti Targeted Attack work well for organisations to block spyware in corporate systems.”
Author
Comments 3