Numando: Count once, code twice
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
Malware
The SideWalk may be as dangerous as the CROSSWALK
Meet SparklingGoblin, a member of the Winnti family
IISerpent: Malware‑driven SEO fraud as a service
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
IISpy: A complex server‑side backdoor with anti‑forensic features
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers
IIStealer: A server‑side threat to e‑commerce transactions
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information
Anatomy of native IIS malware
ESET researchers publish a white paper putting IIS web server threats under the microscope
Some URL shortener services distribute Android malware, including banking or SMS trojans
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.
Bandidos at large: A spying campaign in Latin America
ESET Research uncovers an active malicious campaign that uses new versions of old malware, Bandook, to spy on its victims
BackdoorDiplomacy: Upgrading from Quarian to Turian
ESET researchers discover a new campaign that evolved from the Quarian backdoor
Gelsemium: When threat actors go gardening
ESET researchers shed light on new campaigns from the quiet Gelsemium group
ESET Research goes to RSA Conference 2021 with two presentations
We will explore two threats – Android stalkerware and XP exploits
Ousaban: Private photo collection hidden in a CABinet
Another in our occasional series demystifying Latin American banking trojans
FBI removes web shells from compromised Exchange servers
Authorities step in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa
Supply‑chain attacks: When trust goes wrong, try hope?
How can organizations tackle the growing menace of attacks that shake trust in software?
Janeleiro, the time traveler: A new old banking trojan in Brazil
ESET Research uncovers a new threat that targets organizations operating in various sectors in Brazil
Backdoor added to PHP source code in Git server breach
Had the incident gone unnoticed, the attackers could have taken over websites using the tainted code
Exchange servers under siege from at least 10 APT groups
ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world
Cybersecurity risks and challenges facing the financial industry
A primer on various threats looming over financial companies and the steps that these organizations can take to counter them
Malware authors already taking aim at Apple M1 Macs
The first instance of malicious code native to Apple Silicon M1 Macs emerged a month after the release of devices equipped with the company’s in-house CPUs