Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Malware
Firms using WebEx at risk of poisoned Flash attacks
Companies should check they are running latest version of WebEx, and beware attacks via the road less travelled.
Fake or not fake – that is the question
An interview with ESET’s Lukáš Štefanko on the thin line between what deserves the name “security app” and what can be called fake.
Beware ad slingers thinly disguised as security apps
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.
Glupteba is no longer part of Windigo
Latest ESET research strongly suggests that Glupteba is no longer tied to the infamous Operation Windigo.
Dangerous malware stealing bitcoin hosted on Download.com for years
ESET researchers dicovered that Trojanized applications used to steal bitcoin were hosted inadvertently by the popular website download.cnet.com.
OceanLotus ships new backdoor using old tricks
To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind.
Banking malware on Google Play targets Polish banks
Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.
ESET malware researchers awarded prize in open-source memory forensics competition
The Volatility Foundation, the non-profit organization behind the Volatility Framework, sponsors the yearly Volatility Plugin Contest to acknowledge the best forensic tools built on the Volatility platform.
New campaigns spread banking malware through Google Play
For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.
Multi-stage malware sneaks into Google Play
In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.
Windigo Still not Windigone: An Ebury Update
In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury In 2017, the team found a new Ebury sample.
OSX/Proton spreading again through supply-chain attack
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
Money-making machine: Monero-mining malware
While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.
DownAndExec: Banking malware utilizes CDNs in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be becoming a new way of spreading malware.
Malware coded into synthetic genomes
Malware coded synthetic genomes have caused skepticism within the scientific community, but new research might help to change that perception.
Gamescom 2017: It’s all fun and games until black hats step in
ESET researchers have discovered a new sneaky malware threat named Joao, targeting gamers worldwide.
Malware found lurking behind every app at alternative Android store
ESET researchers have discovered an Android app store distributing malware on a mass scale.
Stantinko: A massive adware campaign operating covertly since 2012
Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.
Web-hosting firm agrees to pay over $1 million to ransomware extortionists
A variant of the Erebus ransomware has hit a South Korean web hosting company hard, and disrupted the websites of thousands of businesses.