Marc-Etienne M.Léveillé

Bio

Senior Malware Researcher

Education:Software Engineering student at École de Technologie supérieure

Highlights of your career? Winning the first Péter Szőr award for our research on Operation Windigo.

Position and history at ESET? Malware Researcher since January 2012

What malware do you hate the most? Malware that steals money or destroys documents

Favorite activities? Photography, Cycling, Playing the clarinet

When did you get your first computer and what kind was it? I remember playing with the TI-99 of my grandfather, but this first one I broke was his 486SX by editing the config.sys file incorrectly.

Favorite computer game/activity? CTF competitions

Articles by author

Malware

Kobalos – A complex Linux threat to high performance computing infrastructure

ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos

Marc-Etienne M.Léveillé and Ignacio Sanmillan 2 Feb 2021 - 11:30AM

Malware

Mac cryptocurrency trading application rebranded, bundled with malware

ESET researchers lure GMERA malware operators to remotely control their Mac honeypots

Marc-Etienne M.Léveillé 16 Jul 2020 - 11:30AM

Malware

Connecting the dots: Exposing the arsenal and methods of the Winnti Group

New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks

Marc-Etienne M.Léveillé and Mathieu Tartare 14 Oct 2019 - 11:30AM

Malware

Gaming industry still in the scope of attackers in Asia

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software

Marc-Etienne M.Léveillé 11 Mar 2019 - 11:27AM

Linux

The Dark Side of the ForSSHe

ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats

Marc-Etienne M.Léveillé 5 Dec 2018 - 02:57PM

Malware

VestaCP compromised in a new supply‑chain attack

Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS

Marc-Etienne M.Léveillé 18 Oct 2018 - 10:54AM

Cybersecurity

Inside fake Interac transfer and tax refund SMS phishing

It’s tax season in Canada and scammers are using fake tax refund forms to lure victims into supplying their personal information via phishing pages

Marc-Etienne M.Léveillé 9 May 2018 - 05:58PM

Cybercrime

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months

Relating the collaboration between ESET experts and the FBI about the Windigo's operation, which ended with the sentencing of Maxim Senakh.

Marc-Etienne M.Léveillé 30 Oct 2017 - 11:59AM

Ransomware

Bad Rabbit: Not‑Petya is back with improved ransomware

A new ransomware outbreak today has hit some major infrastructure in Ukraine including Kiev metro. Here are some details about this new variant of Petya.

Marc-Etienne M.Léveillé 24 Oct 2017 - 08:48PM

News

Birthday Reminder looks benign but the devil’s in the details: Hooks DNS, serves dodgy ads

The strange behavior of a simple Windows application caught our attention and sparked the analysis by ESET of a previously undocumented malware.

Marc-Etienne M.Léveillé 22 Jun 2017 - 03:00PM

Ransomware

New crypto‑ransomware hits macOS

This last month we have seen a new ransomware for Mac. Written in Swift, it is distributed on BitTorrent distribution site as “Patcher” for pirating popular software.

Marc-Etienne M.Léveillé 22 Feb 2017 - 02:00PM

Ransomware

TorrentLocker: Crypto‑ransomware still active, using same tactics

ESET has carried out analysis of new samples of the crypto-ransomware family TorrentLocker, to compare the 2016 campaigns against its research in late 2014.

Marc-Etienne M.Léveillé 1 Sep 2016 - 02:34PM

Malware

New OSX/Keydnap malware is hungry for credentials

For the last few weeks, ESET has been investigating OSX/Keydnap, a malware that steals the content of the keychain while maintaining a permanent backdoor.

Marc-Etienne M.Léveillé 6 Jul 2016 - 02:30PM

Cybercrime

Mumblehard takedown ends army of Linux servers from spamming

One year after the release of the technical analysis of the Mumblehard Linux botnet, it is no longer active. ESET, in collaboration with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the botnet, stopping its spamming activities.

Marc-Etienne M.Léveillé 7 Apr 2016 - 02:45PM

Malware

Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices

ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. We call this new threat Linux/Remaiten.

Michal Malik and Marc-Etienne M.Léveillé 30 Mar 2016 - 02:49PM

Threats

Multi‑stage exploit installing trojan

Earlier this year, a new type of trojan caught the attention of ESET researchers. This article will take a deep dive into how the exploit works and briefly describe the final payload.

Marc-Etienne M.Léveillé 20 Oct 2015 - 12:49PM

Spam

Unboxing Linux/Mumblehard: Muttering spam from your servers

Today, ESET researchers reveal a family of Linux malware that stayed under the radar for more than 5 years. We have named this family Linux/Mumblehard. A white paper about this threat is available for download on WeLiveSecuriy.

Marc-Etienne M.Léveillé 29 Apr 2015 - 12:50PM

Ransomware

CryptoFortress mimics TorrentLocker but is a different ransomware

ESET assess the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.

Marc-Etienne M.Léveillé 9 Mar 2015 - 05:25PM

Cybercrime

TorrentLocker — Ransomware in a country near you

Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.

Marc-Etienne M.Léveillé 16 Dec 2014 - 02:30PM

Malware

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Marc-Etienne M.Léveillé 4 Sep 2014 - 08:00PM