DanaBot updated with new C&C communication
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
Malware
Ransomware vs. printing press? US newspapers face “foreign cyberattack”
Did malware disrupt newspaper deliveries in major US cities? Here’s what’s known about the incident so far and the leading suspect: Ryuk ransomware. Plus, advice on defending your organization against such attacks.
DanaBot evolves beyond banking Trojan with new spam‑sending capability
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group
The Dark Side of the ForSSHe
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
Black Friday and Cyber Monday by Emotet: Filling inboxes with infected XML macros
Emotet starts another massive spam campaign just as the shopping season picks up steam
Sednit: What’s going on with Zebrocy?
In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats
OceanLotus: New watering hole attack in Southeast Asia
ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites
Emotet launches major new spam campaign
The recent spike in Emotet activity shows that it remains an active threat
Supply‑chain attack on cryptocurrency exchange gate.io
Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange
Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users
VestaCP compromised in a new supply‑chain attack
Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS
Ammyy Admin compromised with malware again; World Cup used as cover
Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen
Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan
New Telegram‑abusing Android RAT discovered in the wild
Entirely new malware family discovered by ESET researchers
BackSwap malware finds innovative ways to empty bank accounts
ESET researchers have discovered a piece of banking malware that employs a new technique to bypass dedicated browser protection measures
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak
The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems
Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Firms using WebEx at risk of poisoned Flash attacks
Companies should check they are running latest version of WebEx, and beware attacks via the road less travelled.
Fake or not fake – that is the question
An interview with ESET’s Lukáš Štefanko on the thin line between what deserves the name “security app” and what can be called fake.
Beware ad slingers thinly disguised as security apps
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.