Robert Lipovsky

Bio

Senior Malware Researcher

Education? Master’s Degree in Computer Science from the Slovak University of Technology in Bratislava

Highlights of your career? Giving presentations at several security conferences, including EICAR, CARO, and Virus Bulletin.

Position and history at ESET? Malware Researcher since 2007, currently holds the position Security Intelligence Team Lead.

What malware do you hate the most? Grayware/PUAs – when malware authors complain about detection and try to convince you they’re not malware.

Favorite activities? Snowboarding, listening to music, playing guitar…

What is your golden rule for cyberspace? Be reasonably paranoid..

When did you get your first computer and what kind was it? During primary school. It was an Intel 8088 palmtop, used it for programming in GW-BASIC 

Favorite computer game/activity? Project I.G.I.

Articles by author

Cybercrime

GreyEnergy: Updated arsenal of one of the most dangerous threat actors

ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks

Anton Cherepanov and Robert Lipovsky 17 Oct 2018 - 11:55AM

TeleBots

New TeleBots backdoor: First evidence linking Industroyer to NotPetya

ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven

Anton Cherepanov and Robert Lipovsky 11 Oct 2018 - 01:57PM

spyware

ESET’s guide makes it possible to peek into FinFisher

To help malware analysts and security researchers overcome FinFisher’s advanced anti-disassembly obfuscation and virtualization features, ESET researchers have framed some clever tricks into a whitepaper, “ESET’s guide to deobfuscating and devirtualizing FinFisher”.

Robert Lipovsky and Filip Kafka 23 Jan 2018 - 06:50PM

Cybersecurity

Seven years after Stuxnet: Industrial systems security once again in the spotlight

Seven years after Stuxnet first came to light, industrial systems security once again in the spotlight, reports ESET's Robert Lipovsky.

Robert Lipovsky 16 Jun 2017 - 03:00PM

Malware

Industroyer: Biggest threat to industrial control systems since Stuxnet

ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.

Anton Cherepanov and Robert Lipovsky 12 Jun 2017 - 02:00PM

Ransomware

KillDisk now targeting Linux: Demands $250K ransom, but can’t decrypt

ESET has discovered a Linux variant of the KillDisk component that renders Linux machines unbootable, while encrypting files and requesting a large ransom at the same time.

Robert Lipovsky and Peter Kálnai 5 Jan 2017 - 03:00PM

Cybercrime

Operation Groundbait: Espionage in Ukrainian war zones

After BlackEnergy and Operation Potao Express, ESET researchers have uncovered another cyberespionage operation in Ukraine: Operation Groundbait.

Robert Lipovsky and Anton Cherepanov 18 May 2016 - 02:30PM

News

The rise of Android ransomware

Lock-screen types and file-encrypting “crypto-ransomware”, both of which have been causing major financial and data losses for many years, have made their way to the Android platform. ESET has prepared a topical white paper on the growth of this insidious Android malware.

Robert Lipovsky and Lukas Stefanko 18 Feb 2016 - 10:49AM

Cybercrime

New wave of cyberattacks against Ukrainian power industry

ESET has discovered a new wave of cyberattacks attacks against Ukraine's electric power industry. Interesting, the malware that was used is not BlackEnergy.

Robert Lipovsky 20 Jan 2016 - 06:59PM

Cybercrime

BlackEnergy trojan strikes again: Attacks Ukrainian electric power industry

The recent attacks on the electrical power industry in Ukraine are connected to attacks on the media and to targeted cyber-espionage attacks against Ukrainian governmental agencies.

Robert Lipovsky and Anton Cherepanov 4 Jan 2016 - 12:49PM

News

The Trojan Games: Odlanor malware cheats at poker

Every now and again, ESET comes across an attack that "stands out". Odlanor malware fits that bill - this unique trojan targets players of online poker.

Robert Lipovsky 17 Sep 2015 - 12:49PM

espionage

Operation Potao Express: Analysis of a cyber‑espionage toolkit

Operation Patao Express – Attackers spying on high-value targets in Ukraine, Russia and Belarus, and their TrueCrypt-encrypted data.

Robert Lipovsky and Anton Cherepanov 30 Jul 2015 - 10:49AM

Malware

Apps on Google Play Steal Facebook Credentials

Over 500,000 Android users targeted by phishing apps harvesting their Facebook credentials. ESET detects these trojans as Android/Spy.Feabme.A.

Robert Lipovsky and Lukas Stefanko 9 Jul 2015 - 01:16PM

News

Virlock: First Self‑Reproducing Ransomware is also a Shape Shifter

Win32/VirLock is ransomware that locks victims’ screens but also acts as parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such combination of malware features has been observed.

Robert Lipovsky 22 Dec 2014 - 01:55PM

RAT

Korplug military targeted attacks: Afghanistan & Tajikistan

After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one

Robert Lipovsky 12 Nov 2014 - 03:17PM

Cybercrime

CVE‑2014‑4114: Details on August BlackEnergy PowerPoint Campaigns

In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.

Robert Lipovsky 14 Oct 2014 - 03:29PM

Malware

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.

Robert Lipovsky 22 Sep 2014 - 10:19PM

Android

Krysanec trojan: Android backdoor lurking inside legitimate apps

One of the most important pieces of advice we give Android users is to refrain from downloading applications from dubious sources and to stick to the official Google Play store, where malware does show up from time to time but is much better controlled, thanks to the Google Bouncer, than on alternative app stores.

Robert Lipovsky 12 Aug 2014 - 12:21PM

Android

Android/Simplocker using FBI child‑abuse warnings to scare victims into paying $300

Last time we wrote about Android/Simplocker – the first ransomware for Android that actually encrypts user files – we discussed different variants of the malware and various distribution vectors that we’ve observed. Android/Simplocker has proven to be an actual threat in-the-wild in spite of its weaknesses…

Robert Lipovsky 22 Jul 2014 - 12:12PM

Android

UPDATED: Simplocker ransomware: New variants spread by Android downloader apps

ESET LiveGrid® telemetry has indicated several new infection vectors used by Android/Simplocker. The “typical” ones revolve around internet porn, or popular games like Grand Theft Auto: San Andreas.

Robert Lipovsky 25 Jun 2014 - 07:28AM

Android

ESET Analyzes Simplocker – First Android File‑Encrypting, TOR‑enabled Ransomware

Last weekend saw the (somewhat anticipated) discovery of an interesting mobile trojan – the first spotting of a file-encrypting ransomware for Android by our detection engineers.

Robert Lipovsky 4 Jun 2014 - 12:36PM

Ransomware

Cryptolocker 2.0 – new version, or copycat?

Last month we discovered filecoder malware which called itself “Cryptolocker 2.0”. Naturally, we wondered if this is a newer version of the widespread ransomware from the creators of the first. We look at the details that hint that it might have been created by some other, unknown, cybercrime gang.

Robert Lipovsky 19 Dec 2013 - 05:15PM

Ransomware

Filecoder: Holding your data to ransom

Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decryptor utility are nothing new. We’ve noted a significant increase in Filecoder activity over the past few summer months - in this blog post we address the questions we’re getting about this issue.

Robert Lipovsky 23 Sep 2013 - 06:49PM