Lukas Stefanko

Bio

Malware Researcher

Education: Masters in Informatic Engineering of the Technical University in Kosice

Highlights of your career? Malware Researcher

Position and history at ESET? Joined ESET as a Malware Researcher in 2011

What malware do you hate the most? Adware and ransomware

Favorite activities? Gym, squash, reading

What is your golden rule for cyberspace? Be reasonably paranoid

Favorite computer game/activity? Elasto Mania

Articles by author

Malware

Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions

Lukas Stefanko 17 Jun 2019 - 11:30AM

Malware

Fake cryptocurrency apps crop up on Google Play as bitcoin price rises

ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth

Lukas Stefanko 23 May 2019 - 11:30AM

Malware

Navigating the murky waters of Android banking malware

An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper

Lukas Stefanko 15 Feb 2019 - 11:28AM

Cryptocurrency

First clipper malware discovered on Google Play

Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores

Lukas Stefanko 8 Feb 2019 - 11:58AM

Android

Android Trojan steals money from PayPal accounts even with 2FA on

ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication

Lukas Stefanko 11 Dec 2018 - 02:57PM

iOS

Scam iOS apps promise fitness, steal money instead

Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users

Lukas Stefanko 3 Dec 2018 - 01:44PM

Malware

Banking Trojans continue to surface on Google Play

The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users

Lukas Stefanko 24 Oct 2018 - 02:57PM

Scams

Fake finance apps on Google Play target users from around the world

Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange

Lukas Stefanko 19 Sep 2018 - 02:58PM

Scams

Fake banking apps on Google Play leak stolen credit card data

Fraudsters are using bogus apps to convince users of three Indian banks to divulge their personal data

Lukas Stefanko 26 Jul 2018 - 02:58PM

Malware

New Telegram-abusing Android RAT discovered in the wild

Entirely new malware family discovered by ESET researchers

Lukas Stefanko 18 Jun 2018 - 02:58PM

Scams

Android users: Beware these popularity-faking tricks on Google Play

Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers

Lukas Stefanko 11 Jun 2018 - 02:58PM

Malware

Beware ad slingers thinly disguised as security apps

ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.

Lukas Stefanko 5 Apr 2018 - 04:01PM

Scams

Pingu Cleans Up: Subscription scam on Google Play

The game was uploaded to Google Play and attempted to trick users into unwittingly signing up for a weekly paid subscription

Lukas Stefanko 29 Mar 2018 - 02:58PM

Cryptocurrency

Cryptocurrency scams on Android: Do you know what to watch out for?

The recent rise in cryptocurrency scams appearing on the Android platform in disguise has shown that such incidents are not exclusive to PCs and also highlight the importance of knowing what to look out for so you do not unintentionally take part.

Lukas Stefanko 28 Feb 2018 - 09:58AM

Malware

Banking malware on Google Play targets Polish banks

Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.

Lukas Stefanko 11 Dec 2017 - 02:58PM

Malware

New campaigns spread banking malware through Google Play

For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.

Lukas Stefanko 21 Nov 2017 - 02:55PM

Malware

Multi-stage malware sneaks into Google Play

In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.

Lukas Stefanko 15 Nov 2017 - 02:58PM

Cryptocurrency

Fake cryptocurrency trading apps on Google Play

With all the hype around cryptocurrencies, cybercriminals are trying to grab whatever new opportunity they can – be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.

Lukas Stefanko 23 Oct 2017 - 02:56PM

Trojan

BankBot trojan returns to Google Play with new tricks

The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of the user.

Lukas Stefanko 25 Sep 2017 - 02:54PM

Malware