To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind.
Besides delivering the promised functionality, the malicious apps can display fake notifications and login forms that appear to come from legitimate banking applications, harvest the credentials entered into those fake forms, and intercept text messages to bypass SMS-based two-factor authentication (2FA).
The Volatility Foundation, the non-profit organization behind the Volatility Framework, sponsors the yearly Volatility Plugin Contest to acknowledge the best forensic tools built on the Volatility platform.
For a user, it can be difficult to tell whether an app is malicious. First off, it is always safer to install applications only from the Google Play store, since most malware is still spread mainly through alternative stores.
In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.
In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. In 2017, the team found a new Ebury sample.
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be becoming a new way of spreading malware.
Malware-coded synthetic genomes have been met with skepticism within the scientific community, but new research might help to change that perception.
ESET researchers have discovered a new sneaky malware threat named Joao, targeting gamers worldwide.
ESET researchers have discovered an Android app store distributing malware on a mass scale.
Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.
A variant of the Erebus ransomware has hit a South Korean web hosting company hard, and disrupted the websites of thousands of businesses.
Senior ESET malware researcher Robert Lipovsky discusses Industroyer, the biggest threat to Industrial Control Systems (ICS) since Stuxnet.
Seven years after Stuxnet first came to light, industrial systems security is once again in the spotlight, reports ESET's Robert Lipovsky.
ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.
Regardless of how prominent and effective ransomware appears to be, it is not the most dangerous form of malware.
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
A mirror download server for the popular HandBrake video-transcoding app has been compromised by hackers, who replaced its Mac edition with malware.