Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies
ESET researchers uncover targeted attacks against high-profile aerospace and military companies
Malware
Gamaredon group grows its game
Active APT group adds cunning remote template injectors for Word and Excel documents; unique Outlook mass-mailing macro
From Agent.BTZ to ComRAT v4: A ten‑year journey
Turla has updated its ComRAT backdoor and now uses the Gmail web interface for Command and Control
Insidious Android malware gives up all malicious features but one to gain stealth
ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security
No “Game over” for the Winnti Group
The notorious APT group continues to play the video game industry with yet another backdoor
Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia
Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap
Breaking news? App promises news feeds, brings DDoS attacks instead
After being targeted by an Android DDoS app, ESET seized the opportunity to analyze the attack and to help put an end to it
Grandoreiro: How engorged can an EXE get?
Another in our occasional series demystifying Latin American banking trojans
Stantinko’s new cryptominer features unique obfuscation techniques
ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet
Tracking Turla: New backdoor delivered via Armenian watering holes
Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.
Guildma: The Devil drives electric
The fourth installment of our occasional series demystifying Latin American banking trojans
Winnti Group targeting universities in Hong Kong
ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware
Stantinko botnet adds cryptomining to its pool of criminal activities
ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique
Tracking down the developer of Android adware affecting millions of users
ESET researchers discovered a year-long adware campaign on Google Play and tracked down its operator. The apps involved, installed eight million times, use several tricks for stealth and persistence.
Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
Notorious cyberespionage group debases MSSQL
Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser
ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers
Operation Ghost: The Dukes aren’t back – they never left
ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families
Connecting the dots: Exposing the arsenal and methods of the Winnti Group
New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks