Education: Masters in Informatic Engineering of the Technical University in Kosice
Highlights of your career? Malware Researcher
Position and history at ESET? Joined ESET as a Malware Researcher in 2011
What malware do you hate the most? Adware and ransomware
Favorite activities? Gym, squash, reading
What is your golden rule for cyberspace? Be reasonably paranoid
Favorite computer game/activity? Elasto Mania
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication
Fitness-tracking apps use dodgy in-app payments to steal money from unaware iPhone and iPad users
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange
Fraudsters are using bogus apps to convince users of three Indian banks to divulge their personal data
Entirely new malware family discovered by ESET researchers
Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.
The game was uploaded to Google Play and attempted to trick users into unwittingly signing up for a weekly paid subscription
The recent rise in cryptocurrency scams appearing on the Android platform in disguise has shown that such incidents are not exclusive to PCs and also highlight the importance of knowing what to look out for so you do not unintentionally take part.
Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.
For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.
In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.
With all the hype around cryptocurrencies, cybercriminals are trying to grab whatever new opportunity they can – be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.
The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of the user.
ESET researchers have discovered another banking trojan on Google Play targeting Android users – this time disguised as a Flashlight widget.
ESET researchers have discovered and reported scammers stealing PayPal and Paxful credentials disguised as a tool for YouTube monetization, and a bitcoin trading marketplace.
ESET researchers have discovered 87 malicious apps on Google Play disguised as mods for Minecraft.
ESET researchers discovered 13 new Instagram credential stealers on Google play and looked into the motivations behind their fraudulent schemes.
ESET researchers have observed an increased number of apps on Google Play using social engineering techniques to boost their ratings, ranging from legitimate apps, through adware to malware.
