The latest research from Labs on threats and technology

Available Whitepapers

Show all   |   Threat Reports   |   Technical Papers


NanHaiShu: RATing the South China Sea

This whitepaper details the malware being used by a threat actor to target government and private-sector organizations involved in a territorial dispute centered on the South...

Download PDF

F-Secure DeepGuard

This whitepaper explains the trends and developments in computing that have made host-based behavioral analysis and exploit interception necessary elements of computer security and ...

Download PDF

2015 Threat Report

In this report we summarize the main trends and incidents seen in 2015 that impacted computer and mobile security, as well as developments related to digital privacy.

Download PDF

F-Secure Adblocker

This whitepaper outlines the technical principles and benefits of blocking third-party advertising content (as provided by the F-Secure ADBLOCKER app for iOS devices) to enhance the user's web browsing experience.

Download PDF

F-Secure Security Cloud

F-Secure Security Cloud is a cloud-based digital threat analysis system operated by F-Secure Corporation. It consists of a constantly growing and evolving knowledge base of digital threats fed by data from...

Download PDF

The Dukes

This whitepaper explores the tools - such as MiniDuke, CosmicDuke, OnionDuke, CozyDuke, etc- of the Dukes, a well-resourced, highly dedicated and organized cyberespionage group that we believe has been working for the Russian ...

Download PDF

H2 2014 Threat Report

In this report we summarize the latest trends and developments seen in H2 2014 affecting computer and mobile security, as well as issues related to digital privacy.

Download PDF


In this document we provide an overview of CozyDuke, a set of tools used by one or more malicious actors for performing targeted attacks against high profile organizations, such as governmental organizations and other entities that work closely with...

Download PDF

W64/Regin, Stage 1

In this document we describe the inner workings of the stage #1 of the complex malware threat by the name of Regin, specifically the version targeted at 64-bit machines running the Microsoft Windows operating system...

Download PDF

W32/Regin, Stage 1

In this document we analyze a set of 32-bit samples which represents stage #1 of the complex threat that is known as Regin. Based on our analysis of the malware's functionalities, this part of the Regin threat can be considered ...

Download PDF

BlackEnergy & Quedagh: The convergence of crimeware and APT attacks

BlackEnergy is a toolkit that has been used for years by various criminal outfits. In the summer of 2014 ...

Download PDF

H1 2014 Threat Report

The most notable trend in H1 2014 is the continued growth of ransomware and ransoming activities, on both desktop and mobile platforms. Meanwhile, Windows XP finally reached its end of life (EOL) mark on 8 April 2014...

Download PDF

Pitou: The "silent" resurrection of the notorious Srizbi kernel spambot

The recently observed Pitou threat shows similarities with the Srizbi spambot. In this whitepaper, we ...

Download PDF

COSMICDUKE: Cosmu with a twist of MiniDuke

CosmicDuke - the first malware seen to include code from both the notorious MiniDuke APT Trojan and another longstanding threat, the information-stealing Cosmu family. When active on an infected machine, CosmicDuke will ...

Download PDF

Lecpetex: Virtual currency mining gets social

Trojan:W32/Lecpetex is a Bitcoin miner that spreads via in zipped files attached to social engineered Facebook messages. Once installed on a machine, the malware silently performs its Bitcoin mining, and contacts a command and control (C&C) server ...

Download PDF

Mobile Threat Report Q1 2014

Mobile malware development in Q1 2014 continues to focus exclusively on the Android platform, continuing the inexorable trend we've seen in the last couple years.

Download PDF

Download Printer-friendly PDF

Threat Report H2 2013

News of alleged massive data gathering and online surveillance activities by state entities raises privacy concerns. A Tor-using botnet grows while the arrest of a suspected creator/operator upends the underground market in exploit kits; meanwhile, Android continues to dominate the mobile threat landscape.

Download PDF

Mobile Threat Report Q3 2013

In this quarterly report on mobile threats, we explore the latest news, including the "Masterkey" vulnerability and exploit apps; banking trojans; and other notable threats and trends for mobile malware in Q3 2013.

Download PDF

Threat Report H1 2013

Exploit-based attacks, particularly against the Java development platform, continue to dominate. New developments continue in mobile malware, ransomware, Mac malware and phishing, as Bitcoin comes of age. Meanwhile, hacks and intrusions aimed at tech companies gain major mainstream press.

Download PDF

Mobile Threat Report Q1 2013

While the raw amount of Android malware continues to rise significantly, it is the increased commoditization of those malware that is the more worrying trend. The Android malware ecosystem is beginning to resemble to that which surrounds Windows, where highly specialized suppliers provide commoditized malware services.

Download PDF

Threat Report H2 2012

The report focuses on three things that stood out in the second half of 2012: botnets (with special reference to ZeroAcess), exploits (particularly against the Java development platform) and banking trojans (Zeus). Also discussed are multi-platform attack in which a coordinated attack campaign is launched against ...

Download PDF

Mobile Threat Report Q4 2012

The rise of Android malware can be largely attributed to the operating system's increasing foothold in the mobile market. Android's market share has risen to 68.8% in 2012, compared to 49.2% in 2011. On the threat side, its share rose to 79% in 2012 from 66.7% in 2011.

Download PDF

Mobile Threat Report Q3 2012

Despite Android's dominance in the mobile threat landscape, the Symbian malware scene is far from dead. 21 new families and variants were discovered in the third quarter of 2012, a 17% increase compared to the second quarter.

Download PPT

Threat Report H1 2012

One of the most pervasive trends we saw in the computer threat landscape in the first half of 2012 was the expanding usage of vulnerability exploitation for malware distribution. This phenomenon is directly tied to the recent improvement in exploit kits - toolkits that allow malware operators to automatically create exploit code.

Download PDF

Mobile Threat Report Q2 2012

After a while on the scene, Android malware has begun to explore new methods of infection. In May 2012, the first Android malware to use the drive-by download method was spotted in the wild. A simple visit to a malicious website could render a device with certain configuration infected.

Download PDF

Mobile Threat Report Q1 2012

In Q1 2012, 37 new malware families and variants were discovered, which nearly quadrupled the number of new malware discovery a year earlier, in Q1 2011. Majority of these malware reap profit from sending messages to premium-rate numbers or subscribing customers to a premium service.

Download PDF

Flashback OS X Malware

This report was originally presented and published at VB2012.

In 2011, we saw OS X come under siege by several malware families. Towards the end of the year, we saw new families or variants appear almost every week, where each was more sophisticated than the last. At the forefront of these developments was the Flashback malware.

Download PDF

Mobile Threat Report Q4 2011

Android malware continues to expand rapidly in the fourth quarter of 2011, with malware originating from Russia forming a significant presence in the scene. Malware seen in the Russian domain has been the most widely distributed, with a single variant alone being found on a thousand unique Android application package files (APKs).

Download PDF

It's Signed, therefore it's Clean, right?

This document was originally presented at CARO 2010

This presentation discusses Authenticode signing, its usage by developers (particularly in the antivirus industry) and ways that code signing can be abused in order to spread malware and allow it to install

Download PDF

Threat Summaries Volume 1: 2011 - 2007

This document contains a compilation of all the Threat Summaries released by F-Secure Labs during the years 2007 to 2011, in reverse chronological order.

Download PDF

Threat Summaries Volume 1: 2006 - 2002

This document contains a compilation of all the Threat Summaries released by F-Secure Labs during the years 2002 to 2006, in reverse chronological order.

Download PDF