Author
ESET Research
ESET Research
Go to latest posts

Sednit update: How Fancy Bear Spent the Year

Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.

OSX/Proton spreading again through supply-chain attack

Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.

DoubleLocker: Innovative Android Ransomware

DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them – a combination that has not been seen previously in the Android ecosystem.

Mid-year review: Have our security trends for 2017 become reality?

We are halfway through the year and it is a good opportunity to analyze the extent to which the ideas we gathered in the Trends 2017: Security Held Ransom report have come true.

Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy

Sednit is back – this time with two more zero-day exploits embedded in a phishing email titled Trump’s_Attack_on_Syria_English.docx.

Linux Shishiga malware using LUA scripts

The usage of the BitTorrent protocol and Lua modules separates Linux/Shishiga from other types of malware, according to analysis by ESET.

Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.

Carbon Paper: Peering into Turla’s second stage backdoor

The Turla espionage group has been targeting various institutions for many years. Recently, ESET found several new versions of Carbon.

Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

Millions of readers who visit popular news websites have been targeted by a series of malicious ads redirecting them to the Stegano exploit kit.

Cybercriminals target Brazilian routers with default credentials

Criminals are hunting for routers with default credentials and with vulnerabilities in their firmware, with Brazilians the main target.

OSX/Keydnap spreads via signed Transmission application

During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.

Windows exploitation in 2015

Hacking Team exploits and new security features in Google Chrome and Microsoft Edge are just a few of the highlights of ESET’s annual Windows exploitation in 2015 report.

ESET predictions and trends for cybercrime in 2016

It’s that time of the year when the information security industry takes part in its annual tradition: coming up with cybercrime predictions and trends for the next 12 months.

Sednit APT Group Meets Hacking Team

The infamous Sednit espionage group is currently using the Hacking Team exploits disclosed earlier this week to target eastern European institutions.

Windows exploitation in 2014

Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.

Cybercrime Trends & Predictions for 2015

As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.

First exploitation of Internet Explorer ‘Unicorn bug’ in-the-wild

Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.

G20 2014 Summit Lure used to target Tibetan activists

APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.

Sednit espionage group now using custom exploit kit

For at least five years the Sednit group has been relentlessly attacking various institutions, most notably in Eastern Europe. The group used several advanced pieces of malware for these targeted attacks, in particular the one we named Win32/Sednit, also known as Sofacy.

Gamescom 2014: World of Malware?

The gaming industry keeps growing, and the crowds at Cologne’s Gamescom 2014, show why big game titles are rapidly becoming a target for cybercrime. Our tips will help you enjoy the latest games – without hackers declaring ‘Game Over’.

Imitation is not always the sincerest form of flattery

Since its release in 2007, ESET Smart Security has received many accolades for its antimalware, antispam and firewall functions.  However, we have recently been the recipient of a very dubious honor; a rogue antivirus program which masquerades as our own software. The Rogues Gallery Rogue antivirus is a loose family of programs that claim to

Insider Threat: Malware on your ATM

  Insider Threat – your ATM may now be hacked from the inside. According to Wired’s Threat Level Blog… A Bank of America worker installed malicious software on his employer’s ATMs that allowed him to make thousands of dollars in fraudulent withdrawals, all without leaving a transaction record, according to federal prosecutors. According to the

How to Get Security All Wrong

I suppose I could make this a really short blog and simply say “Do it like the TSA does”. It would be accurate, but perhaps doesn’t explain enough. In case you don’t know, TSA is said to stand for “Transportation Security Administration”, but I tend to think it means Terrorist Support Agency, as they do

PayPal Admits to Phishing Users

Yes, it is true, I am not making this up. I do not believe that PayPal has stolen anything from users, but they have told me that their own email is phishing. Here’s what happened. I sent them one of their own legitimate emails and told them it was a bad idea to include a

The Perils of Craig’s List

Frankly, I am really amazed that Craig’s list has not been much more attacked. They must be doing something right. Still, the opportunities for social engineering attacks seem quite bountiful to me. So far the majority of scams I have heard about involve old fashioned attacks, like having someone send an item they sold after

What if your Virusproof Computer Catches a Virus?

An Australian company claims to have launched a “virus-proof” computer. They even say “ A fast, easy to use, computer that never gets viruses, EVER !” and then on the same page say “In the rare event that you manage to catch a virus on your virus-proof computer, we will re-load both Zone 1 and

Follow us

Copyright © 2018 ESET, All Rights Reserved.