DoNot Go! Do not respawn!
ESET researchers take a deep look into recent attacks carried out by Donot Team throughout 2020 and 2021, targeting government and military entities in several South Asian countries
ESET Research
Signed kernel drivers – Unguarded gateway to Windows’ core
ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation
The dirty dozen of Latin America: From Amavaldo to Zumanek
The grand finale of our series dedicated to demystifying Latin American banking trojans
Launching ESET Research Podcast: A peek behind the scenes of ESET discoveries
Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware
Jumping the air gap: 15 years of nation‑state effort
ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs
Strategic web compromises in the Middle East with a pinch of Candiru
ESET researchers have discovered strategic web compromise (aka watering hole) attacks against high‑profile websites in the Middle East
Wslink: Unique and undocumented malicious loader that runs as a server
There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor
FontOnLake: Previously unknown malware family targeting Linux
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks
To the moon and hack: Fake SafeMoon app drops malware to spy on you
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze
UEFI threats moving to the ESP: Introducing ESPecter bootkit
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012
FamousSparrow: A suspicious hotel guest
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
Numando: Count once, code twice
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a mobile espionage campaign that targets the Kurdish ethnic group and has been active since at least March 2020
The SideWalk may be as dangerous as the CROSSWALK
Meet SparklingGoblin, a member of the Winnti family
IISerpent: Malware‑driven SEO fraud as a service
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
IISpy: A complex server‑side backdoor with anti‑forensic features
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers
IIStealer: A server‑side threat to e‑commerce transactions
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information
BackdoorDiplomacy: Upgrading from Quarian to Turian
ESET researchers discover a new campaign that evolved from the Quarian backdoor
Gelsemium: When threat actors go gardening
ESET researchers shed light on new campaigns from the quiet Gelsemium group
ESET Research goes to RSA Conference 2021 with two presentations
We will explore two threats – Android stalkerware and XP exploits