Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit
ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA
ESET Research
StrongPity espionage campaign targeting Android users
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer
Fantasy – a new Agrius wiper deployed through a supply‑chain attack
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
Bahamut cybermercenary group targets Android users with fake VPN apps
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware masquerading as an Android translation app
POLONIUM targets Israel with Creepy malware
ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
ESET researchers have discovered Lazarus attacks against targets in the Netherlands and Belgium that use spearphishing emails connected to fake job offers
You never walk alone: The SideWalk backdoor gets a Linux variant
ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor
RDP on the radar: An up‑close view of evolving remote access threats
Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop Protocol
Worok: The big picture
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files
ESET Research Podcast: Hot security topics at RSA or mostly hype?
Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron’s insights into the security of medical devices
I see what you did there: A look at the CloudMensis macOS spyware
Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs
ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit
Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution
Sandworm uses a new version of ArguePatch to attack targets in Ukraine
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware
ESET takes part in global operation to disrupt Zloader botnets
ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses
Fake e‑shops on the prowl for banking credentials using Android malware
ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks