category
More Technical

Operation Groundbait: Espionage in Ukrainian war zones

After BlackEnergy and Operation Potao Express, ESET researchers have uncovered another cyberespionage operation in Ukraine: Operation Groundbait.

Exploiting 1-byte buffer overflows

Matías Porolli shows how exploit another classic buffer overflow vulnerability, in which the ebp register is moved to execute an arbitrary code.

Ransomware is everywhere, but even black hats make mistakes

Ransomware is everywhere. At least that might be the impression left by a seemingly endless stream of news reports on recent cyberattacks, reports ESET’s Ondrej Kubovič.

My video, My first video, Private video: Don’t fall for this Facebook scam

My video, My first video, Private video: Don’t fall for this Facebook scam, which is infecting accounts around the world with a very high rate of success.

Mumblehard takedown ends army of Linux servers from spamming

One year after the release of the technical analysis of the Mumblehard Linux botnet, it is no longer active. ESET, in collaboration with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the botnet, stopping its spamming activities.

Buying Ray-Bans? Don’t fall for this Facebook scam

Recently, we’ve observed a new wave of scams on Facebook. Crooks are luring social network users to visit bogus Ray-Ban e-shops and buy heavily discounted sunglasses there. Victims’ payment card details are at risk.

Analysis of the Locky infection process

In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, discusses ESET’s Diego Perez.

Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices

ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. We call this new threat Linux/Remaiten.

New self-protecting USB trojan able to avoid detection

A unique data-stealing trojan has been spotted on USB devices in the wild – and it is different from typical data-stealing malware, reports ESET’s Tomáš Gardoň.

Trojan Downloaders on the rise: Don’t let Locky or TeslaCrypt ruin your day

Weeks after it started attacking and encrypting victims’ information, Locky is still targeting many users. Here’s what you need to know about this threat.

Android banking trojan masquerades as Flash Player and bypasses 2FA

This malware masquerades as Flash Player, behaves like a screen locker, and can bypass two-factor authentication. This combination of features turns it into a powerful tool for stealing money from victims’ bank accounts.

New Mac ransomware appears: KeRanger, spread via Transmission app

New ransomware infecting Apple OS X surfaced on March 4th, 2016, with the emergence of KeRanger. The first inkling of trouble came at the weekend.

The rise of Android ransomware

Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. ESET has prepared a topical white paper on the growth of this insidious Android malware.

How to isolate VBS or JScript malware with Visual Studio

ESET has seen a rise in malware developed using scripting languages. We can understand the threats better by isolating them in a dynamic analysis environment.

BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry

The cybercriminal group behind BlackEnergy, the malware family that has been around since 2007 and has made a comeback in 2014, was also active in the year 2015.

Nemucod malware spreads ransomware Teslacrypt around the world

ESET has recently observed a huge increase in detections of the Nemucod trojan, a threat that usually tries to download another malware from the internet. Those detections ratios were very high in some countries.

News from the Dorkside: Dorkbot botnet disrupted

Law enforcement agencies from around the globe, aided by Microsoft security researchers, today announced the disruption of one of the most widely distributed malware families – Win32/Dorkbot.

Operation Buhtrap malware distributed via ammyy.com

The free version of Ammyy’s remote administrator software were being served a bundle that contained an NSIS installer used by the gang behind Operation Buhtrap.

Multi-stage exploit installing trojan

Earlier this year, a new type of trojan caught the attention of ESET researchers. This article will take a deep dive into how the exploit works and briefly describe the final payload.

Brolux trojan targeting Japanese online bankers

A banking trojan, detected by ESET as Win32/Brolux.A, is targeting Japanese internet banking users and spreading through at least two vulnerabilities: a Flash vulnerability leaked in the Hacking Team hack and the so-called unicorn bug, a vulnerability in Internet Explorer.

Follow us

Copyright © 2016 ESET, All Rights Reserved.