Grandoreiro banking trojan impersonates Spain’s tax agency
Beware the tax bogeyman – there are tax scams aplenty
ESET Research
Mekotio: These aren’t the security updates you’re looking for…
Another in our occasional series demystifying Latin American banking trojans
Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought
Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe
All you need to know about preventing adversaries from exploiting the recently disclosed vulnerabilities in the Thunderbolt interface
Mac cryptocurrency trading application rebranded, bundled with malware
ESET researchers lure GMERA malware operators to remotely control their Mac honeypots
Welcome Chat as a secure messaging app? Nothing could be further from the truth
ESET research uncovers a malicious operation that both spies on victims and leaks their data
More evil: A deep look at Evilnum and its toolset
ESET research gives a detailed picture of the operations of the Evilnum group and its toolkit deployed in attacks against carefully chosen targets in the fintech sector
Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too
New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device
Gamaredon group grows its game
Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro
From Agent.BTZ to ComRAT v4: A ten‑year journey
Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control
Insidious Android malware gives up all malicious features but one to gain stealth
ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security
No “Game over” for the Winnti Group
The notorious APT group continues to play the video game industry with yet another backdoor
Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia
Following ESET’s discovery, a Monero mining botnet is disrupted
ESET researchers discover, and play a key role in the disruption of, a 35,000-strong botnet spreading in Latin America via compromised USB drives
Serious flaws found in multiple smart home hubs: Is your device among them?
In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them
Tracking Turla: New backdoor delivered via Armenian watering holes
Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.
KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices
ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices
Winnti Group targeting universities in Hong Kong
ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware