Eugene Kaspersky

Kaspersky Lab is seeking an appeal in the US federal court against the US Department of Homeland Security's (DHS) decision on Binding Operational Directive 17-01 banning the use of the company's products in US federal agencies.

Kaspersky Lab reached out to DHS in mid-July, offering to provide any information or assistance concerning the company, its operations, or its products. In mid-August, DHS confirmed receipt of the company's letter, appreciating the offer to provide information and expressing interest in future communications with Kaspersky Lab regarding the matter. However, the next communication from DHS to Kaspersky Lab was a notification regarding the issuance of Binding Operational Directive 17-01 on 13 September, 2017.

Kaspersky Lab says that the DHS action has caused it permanent damage by harming its reputation and banning sales in the US to companies supplying the government. According to Kaspersky, the action has also wrongly called into question the company's loyalty to its customers and its ability to protect them and stop cyber-attacks, regardless of their origin or purpose.

“Because Kaspersky Lab has not been provided a fair opportunity in regards to the allegations and no technical evidence has been produced to validate DHS's actions, it is in the company's interests to defend itself in this matter. Regardless of the DHS decision, we will continue to do what really matters: make the world safer from cyber-crime,” said Eugene Kaspersky, CEO of Kaspersky Lab.

Kaspersky Lab launched a Global Transparency Initiative at the end of October showing that it is going through checks on its systems and trying to make sure that everything within the company is transparently in accordance with the law.

In a separate development, Kaspersky Lab researchers continue their fight against malware and today announced the identification of an intriguing new malware with multiple modules, which allows for an almost endless number of malicious features - from cryptocurrency mining to DDoS attacks. Due to its modular architecture, even more functions can be added to it. This unusual and powerful malicious software is called Loapi.

Loapi stands out from the crowd of single-function Android malware, such as banking Trojans and crypto-mining Trojans, because it has a complex modular architecture that allows it to perform almost limitless actions on a compromised device. The Loapi Trojan is being spread through advertising campaigns under the guise of antivirus solutions or apps for adults. Once installed, the applications request device admin rights and then discreetly initiate communications with command and control servers to install additional modules.

Loapi has the capacity to protect itself. As soon as a user tries to revoke device admin rights, the malware blocks the device's screen and closes the window. In addition to this standard protection technique, Loapi can receive a list of applications that are dangerous to it from the command and control servers – these are often security solutions intended to remove the malware. If an installed or running application is on the list, the Trojan shows users a fake message saying malicious software has been found and offering users the chance to remove the application. The message is shown in a loop, so even if the user refuses to delete the app at first, the message will be displayed again and again until the user finally agrees.