Comments for Securelist

Comment on Operation Triangulation: iOS devices targeted with previously unknown malware by Securelist

Securelist — Mon, 16 Mar 2026 13:24:43 +0000

In reply to Melissa Taggart. Hi Melissa, If you are being stalked, you can find help and advice here: https://stopstalkerware.org/ This is a website dedicated to fighting stalkerware and cyberstalking, it contains useful contacts and tips.

Comment on Operation Triangulation: iOS devices targeted with previously unknown malware by Melissa Taggart

Melissa Taggart — Sun, 15 Mar 2026 13:29:57 +0000

My ex is cyber stalking me. He hacked all my accounts 2 laptops my apple my android and I have no privacy and can’t access any of my accounts. He won’t stop . I have a domestic violence case and need help please

Comment on TGIF(P) – Thank god it’s fried phish by Michael Molsner

Michael Molsner — Wed, 11 Mar 2026 12:06:27 +0000

In reply to garry sives.

Seeing this comment more than 10 Years later, I want to thank you (better late than never :-D)
And yes, Kaspersky Teams do have their minds at the right place indeed, no matter how many disinformation or global politics campaigns are ran against it.

Comment on The Flame: Questions and Answers by Securelist

Securelist — Wed, 04 Mar 2026 10:18:18 +0000

In reply to Hexdieno1-4.

Hi Hexdieno,

This threat was discovered quite a while ago. All reports we ever prepared on Flame were published on Securelist. You can try searching this tag: https://securelist.com/tag/flame/. If the information you search isn’t there, most likely, it is nowhere.

Comment on The Flame: Questions and Answers by Hexdieno1-4

Hexdieno1-4 — Wed, 04 Mar 2026 03:19:03 +0000

In the public reports about Flame (Skywiper), it is stated that the malware was discovered during an investigation requested by the ITU regarding data-wiping incidents in the Middle East.

However, I am looking for deeper technical details about the initial discovery process.

Specifically:

What concrete technical indicators first led to Flame being identified (e.g., anomalous network traffic, memory artifacts, unknown modules, forensic disk findings)?

Was the initial detection based on network telemetry, incident response imaging, behavioral analysis, or reverse engineering of samples provided by the Iranian CERT?

Are there any published forensic logs, packet captures, hashes, or technical write-ups describing the exact moment or method of identification?

I am not looking for high-level summaries, but for technical documentation describing the original detection vector and forensic process that led to the identification of Flame.

Comment on Story of the year: the impact of AI on cybersecurity by Paul T. Lambert

Paul T. Lambert — Tue, 03 Mar 2026 07:48:31 +0000

2024 came and went, as did 2025. 2026 is here with nothing really all that new. Hm?

Comment on The game is over: when “free” comes at too high a price. What we know about RenEngine by Securelist

Securelist — Tue, 24 Feb 2026 11:24:03 +0000

In reply to Georgi.

Hi Georgi,

Here’s what you can do:
– If you have a backup made before the infection, use it to restore the system;
– Clear your browser’s password storage. Moving forward, use a password manager instead of storing passwords in browsers;
– Reset your email account passwords, and those for all services linked to email;
– Install an internet security solution and run a full system scan.

We recommend installing Kaspersky Premium and performing a full system scan. Once you have the scan results, you can contact support for further instructions or additional assistance.

Comment on The game is over: when “free” comes at too high a price. What we know about RenEngine by Georgi

Georgi — Sun, 22 Feb 2026 13:45:55 +0000

Hello,

I believe my computer may have been infected with the malware which is described in this article.

A few days ago I downloaded the game Norland from dodi-repacks[.]site. After installing it, suspicious activity started.

My email account was accessed without permission. Password reset codes were requested. Some accounts were taken over, including LinkedIn and Instagram. Someone also accessed my contact lists.

I removed some malware but I am not sure the system is clean.

I would like expert advice:
1. Is full Windows reinstallation required?
2. What forensic steps should I take before reinstalling?
3. What data should I preserve for analysis?

Any guidance would help.

Thank you.

Comment on Arkanix Stealer: a C++ & Python infostealer by Artem

Artem — Sun, 22 Feb 2026 11:35:49 +0000

Nice report

Comment on The Notepad++ supply chain attack — unnoticed execution chains and new IoCs by Georgy Kucherin

Georgy Kucherin — Mon, 16 Feb 2026 10:44:00 +0000

In reply to Mark.

Hi Mark,
Feel free to use the md5sum, sha1sum and sha256sum hashing tools in your malware analysis.