A dive into Turla PowerShell usage
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only
Malware
Fake cryptocurrency apps crop up on Google Play as bitcoin price rises
ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth
A journey to Zebrocy land
ESET sheds light on commands used by the favorite backdoor of the Sednit group
Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software
Turla LightNeuron: An email too far
ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments
Buhtrap backdoor and Buran ransomware distributed via major advertising platform
Criminal activities against accountants on the rise – Buhtrap and RTM still active
OceanLotus: macOS malware update
Latest ESET research describes the inner workings of a recently found addition to OceanLotus’s toolset for targeting Mac users
Fake or Fake: Keeping up with OceanLotus decoys
ESET researchers detail the latest tricks and techniques OceanLotus uses to deliver its backdoor while staying under the radar
Gaming industry still in the scope of attackers in Asia
Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software
Navigating the murky waters of Android banking malware
An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper
DanaBot updated with new C&C communication
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
Ransomware vs. printing press? US newspapers face “foreign cyberattack”
Did malware disrupt newspaper deliveries in major US cities? Here’s what’s known about the incident so far and the leading suspect: Ryuk ransomware. Plus, advice on defending your organization against such attacks.
DanaBot evolves beyond banking Trojan with new spam‑sending capability
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group
The Dark Side of the ForSSHe
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
Black Friday and Cyber Monday by Emotet: Filling inboxes with infected XML macros
Emotet starts another massive spam campaign just as the shopping season picks up steam
Sednit: What’s going on with Zebrocy?
In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats
OceanLotus: New watering hole attack in Southeast Asia
ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites
Emotet launches major new spam campaign
The recent spike in Emotet activity shows that it remains an active threat
Supply‑chain attack on cryptocurrency exchange gate.io
Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange
Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users