LATAM financial cybercrime: Competitors‑in‑crime sharing TTPs
ESET researchers discover surprisingly many indicators of close cooperation among Latin American banking trojans’ authors
Bio
ESET Research
Articles by author
Grandoreiro banking trojan impersonates Spain’s tax agency
Beware the tax bogeyman – there are tax scams aplenty
Mekotio: These aren’t the security updates you’re looking for…
Another in our occasional series demystifying Latin American banking trojans
Grandoreiro: How engorged can an EXE get?
Another in our occasional series demystifying Latin American banking trojans
Guildma: The Devil drives electric
The fourth installment of our occasional series demystifying Latin American banking trojans
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique
Mispadu: Advertisement for a discounted Unhappy Meal
Another in our occasional series demystifying Latin American banking trojans
Operation Ghost: The Dukes aren’t back – they never left
ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families
Casbaneiro: Dangerous cooking with a secret ingredient
Número dois in our series demystifying Latin American banking trojans
No summer vacations for Zebrocy
ESET researchers describe the latest components used in a recent Sednit campaign
ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East
Varenyky: Spambot à la Française
ESET researchers document malware-distributing spam campaigns targeting people in France
Sharpening the Machete
ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions
From Carnaval to Cinco de Mayo – The journey of Amavaldo
The first in an occasional series demystifying Latin American banking trojans
LoudMiner: Cross‑platform mining in cracked VST software
The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS
Wajam: From start‑up to massively‑spread adware
How a Montreal-made "social search engine" application has managed to become widely-spread adware, while escaping consequences
A journey to Zebrocy land
ESET sheds light on commands used by the favorite backdoor of the Sednit group
Buhtrap backdoor and Buran ransomware distributed via major advertising platform
Criminal activities against accountants on the rise – Buhtrap and RTM still active
DanaBot updated with new C&C communication
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
DanaBot evolves beyond banking Trojan with new spam‑sending capability
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group