Varenyky: Spambot à la Française
ESET researchers document malware-distributing spam campaigns targeting people in France
Bio
ESET Research
Articles by author
Sharpening the Machete
ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions
From Carnaval to Cinco de Mayo – The journey of Amavaldo
The first in an occasional series demystifying Latin American banking trojans
LoudMiner: Cross‑platform mining in cracked VST software
The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS
Wajam: From start‑up to massively‑spread adware
How a Montreal-made "social search engine" application has managed to become widely-spread adware, while escaping consequences
A journey to Zebrocy land
ESET sheds light on commands used by the favorite backdoor of the Sednit group
D‑Link camera vulnerability allows attackers to tap into the video stream
ESET researchers highlight a series of security holes in a device intended to make homes and offices more secure
Buhtrap backdoor and ransomware distributed via major advertising platform
Criminal activities against accountants on the rise – Buhtrap and RTM still active
DanaBot updated with new C&C communication
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
DanaBot evolves beyond banking Trojan with new spam‑sending capability
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group
Sednit: What’s going on with Zebrocy?
In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats
Emotet launches major new spam campaign
The recent spike in Emotet activity shows that it remains an active threat
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe
DanaBot shifts its targeting to Europe, adds new features
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries
Turla Mosquito: A shift towards more generic tools
ESET researchers have observed a significant change in the campaign of the infamous espionage group
Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Sednit update: How Fancy Bear Spent the Year
Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.
OSX/Proton spreading again through supply‑chain attack
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
DoubleLocker: Innovative Android Ransomware
DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them - a combination that has not been seen previously in the Android ecosystem.
Mid‑year review: Have our security trends for 2017 become reality?
We are halfway through the year and it is a good opportunity to analyze the extent to which the ideas we gathered in the Trends 2017: Security Held Ransom report have come true.