Marc-Etienne M.Léveillé, Author at WeLiveSecurity

Bio

Marc-Etienne M.Léveillé

Malware Researcher

Education:Software Engineering student at École de Technologie supérieure

Highlights of your career? OSX/Flashback analysis

Position and history at ESET? Malware Researcher since January 2012

What malware do you hate the most? Malware that steals money or destroys documents

Favorite activities? Photography, Cycling, Playing the clarinet

When did you get your first computer and what kind was it? I rember playing with the TI-99 of my grandfather. At the time it was only playing simple games ;)

Favorite computer game/activity? CTF competitions

Articles by author

Malware

VestaCP compromised in a new supply-chain attack

Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS

Marc-Etienne M.Léveillé 18 Oct 2018 - 10:54AM

Cybersecurity

Inside fake Interac transfer and tax refund SMS phishing

It’s tax season in Canada and scammers are using fake tax refund forms to lure victims into supplying their personal information via phishing pages

Marc-Etienne M.Léveillé 9 May 2018 - 05:58PM

Cybercrime

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months

Relating the collaboration between ESET experts and the FBI about the Windigo's operation, which ended with the sentencing of Maxim Senakh.

Marc-Etienne M.Léveillé 30 Oct 2017 - 11:59AM

Ransomware

Bad Rabbit: Not-Petya is back with improved ransomware

A new ransomware outbreak today has hit some major infrastructure in Ukraine including Kiev metro. Here are some details about this new variant of Petya.

Marc-Etienne M.Léveillé 24 Oct 2017 - 08:48PM

News

Birthday Reminder looks benign but the devil’s in the details: Hooks DNS, serves dodgy ads

The strange behavior of a simple Windows application caught our attention and sparked the analysis by ESET of a previously undocumented malware.

Marc-Etienne M.Léveillé 22 Jun 2017 - 03:00PM

Ransomware

New crypto-ransomware hits macOS

This last month we have seen a new ransomware for Mac. Written in Swift, it is distributed on BitTorrent distribution site as “Patcher” for pirating popular software.

Marc-Etienne M.Léveillé 22 Feb 2017 - 02:00PM

Ransomware

TorrentLocker: Crypto-ransomware still active, using same tactics

ESET has carried out analysis of new samples of the crypto-ransomware family TorrentLocker, to compare the 2016 campaigns against its research in late 2014.

Marc-Etienne M.Léveillé 1 Sep 2016 - 02:34PM

Malware

New OSX/Keydnap malware is hungry for credentials

For the last few weeks, ESET has been investigating OSX/Keydnap, a malware that steals the content of the keychain while maintaining a permanent backdoor.

Marc-Etienne M.Léveillé 6 Jul 2016 - 02:30PM

Cybercrime

Mumblehard takedown ends army of Linux servers from spamming

One year after the release of the technical analysis of the Mumblehard Linux botnet, it is no longer active. ESET, in collaboration with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the botnet, stopping its spamming activities.

Marc-Etienne M.Léveillé 7 Apr 2016 - 02:45PM

Malware

Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices

ESET researchers are actively monitoring malware that targets embedded systems such as routers, gateways and wireless access points. We call this new threat Linux/Remaiten.

Michal Malik and Marc-Etienne M.Léveillé 30 Mar 2016 - 02:49PM

Threats

Multi-stage exploit installing trojan

Earlier this year, a new type of trojan caught the attention of ESET researchers. This article will take a deep dive into how the exploit works and briefly describe the final payload.

Marc-Etienne M.Léveillé 20 Oct 2015 - 12:49PM

Spam

Unboxing Linux/Mumblehard: Muttering spam from your servers

Today, ESET researchers reveal a family of Linux malware that stayed under the radar for more than 5 years. We have named this family Linux/Mumblehard. A white paper about this threat is available for download on WeLiveSecuriy.

Marc-Etienne M.Léveillé 29 Apr 2015 - 12:50PM

Ransomware

CryptoFortress mimics TorrentLocker but is a different ransomware

ESET assess the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.

Marc-Etienne M.Léveillé 9 Mar 2015 - 05:25PM

Cybercrime

TorrentLocker — Ransomware in a country near you

Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.

Marc-Etienne M.Léveillé 16 Dec 2014 - 02:30PM

Malware

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Marc-Etienne M.Léveillé 4 Sep 2014 - 08:00PM

Malware

An In-depth Analysis of Linux/Ebury

In this blog post, we provide an in-depth analysis of Linux/Ebury - the most sophisticated Linux backdoor ever seen by our researchers. It is built to steal OpenSSH credentials and maintain access to a compromised server.

Marc-Etienne M.Léveillé 21 Feb 2014 - 03:35PM

Malware

Known unknowns – detecting rootkits under OS X

We think that there could be rootkits targeting the OS X platform, but we have very limited visibility into that threat right now. We know that we don’t know. Today, ESET is releasing a simple tool to detect rootkits on OS X.

Marc-Etienne M.Léveillé 23 Sep 2013 - 12:57PM

Linux

Linux/Cdorked.A malware: Lighttpd and nginx web servers also affected

Some 400 web servers found infected with Linux/Cdorked.A. including 50 in Alexa’s top 100,000 websites. And this backdoor has been applied to Lighttpd and nginx binaries in addition to Apache.

Marc-Etienne M.Léveillé 7 May 2013 - 03:20PM