OSX/Proton spreading again through supply‑chain attack
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
ESET Research
DoubleLocker: Innovative Android Ransomware
DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them - a combination that has not been seen previously in the Android ecosystem.
Money‑making machine: Monero‑mining malware
While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.
BankBot trojan returns to Google Play with new tricks
The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of the user.
New FinFisher surveillance campaigns: Internet providers involved?
FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments.
Cryptocurrency web mining: In union there is profit
Cryptocurrency mining has been used by cybercriminals to make a quick and easy profit while corrupting the victim’s machine in the process.
DownAndExec: Banking malware utilizes CDNs in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be becoming a new way of spreading malware.
New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group.
Gamescom 2017: It’s all fun and games until black hats step in
ESET researchers have discovered a new sneaky malware threat named Joao, targeting gamers worldwide.
ESET’s Anton Cherepanov picks up Pwnie for Best Backdoor
Anton Cherepanov, a malware researcher at ESET, has picked up a Pwnie Award for Best Backdoor at this year’s ceremony at Black Hat USA 2017 in Las Vegas.
Malware found lurking behind every app at alternative Android store
ESET researchers have discovered an Android app store distributing malware on a mass scale.
Stantinko: A massive adware campaign operating covertly since 2012
Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.
Everything you need to know about the latest variant of Petya
The latest global cyberattack, detected by ESET as Win32 / Diskcoder.C, considered a variant of Petya, once again highlights the reality outdated systems and insufficient security solutions are still widespread.
New WannaCryptor‑like ransomware attack hits globally: All you need to know
Numerous reports are coming out on social media about a new ransomware attack in Ukraine, which could be related to the Petya family.
Birthday Reminder looks benign but the devil’s in the details: Hooks DNS, serves dodgy ads
The strange behavior of a simple Windows application caught our attention and sparked the analysis by ESET of a previously undocumented malware.
Industroyer: Biggest threat to industrial control systems since Stuxnet
ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure.
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
Turn the light on and give me your passwords!
ESET researchers have discovered another banking trojan on Google Play targeting Android users – this time disguised as a Flashlight widget.
Sathurbot: Distributed WordPress password attack
This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.