You never walk alone: The SideWalk backdoor gets a Linux variant
ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor
ESET Research
RDP on the radar: An up‑close view of evolving remote access threats
Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop Protocol
Worok: The big picture
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files
ESET Research Podcast: Hot security topics at RSA or mostly hype?
Listen to Cameron Camp, Juraj Jánošík, and Filip Mazán discuss the use of machine learning in cybersecurity, followed by Cameron’s insights into the security of medical devices
I see what you did there: A look at the CloudMensis macOS spyware
Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs
ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit
Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution
Sandworm uses a new version of ArguePatch to attack targets in Ukraine
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware
ESET takes part in global operation to disrupt Zloader botnets
ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses
Fake e‑shops on the prowl for banking credentials using Android malware
ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks
Under the hood of Wslink’s multilayered virtual machine
ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques
Crypto malware in patched wallets targeting Android and iOS devices
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets
Mustang Panda’s Hodur: Old tricks, new Korplug variant
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine
Watering hole deploys new macOS malware, DazzleSpy, in Asia
Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs
DoNot Go! Do not respawn!
ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries
Signed kernel drivers – Unguarded gateway to Windows’ core
ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation
The dirty dozen of Latin America: From Amavaldo to Zumanek
The grand finale of our series dedicated to demystifying Latin American banking trojans
Launching ESET Research Podcast: A peek behind the scenes of ESET discoveries
Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware
Jumping the air gap: 15 years of nation‑state effort
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs