Windigo Still not Windigone: An Ebury Update
In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury In 2017, the team found a new Ebury sample.
Malware
OSX/Proton spreading again through supply‑chain attack
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
Money‑making machine: Monero‑mining malware
While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.
DownAndExec: Banking malware utilizes CDNs in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be becoming a new way of spreading malware.
Malware coded into synthetic genomes
Malware coded synthetic genomes have caused skepticism within the scientific community, but new research might help to change that perception.
Gamescom 2017: It’s all fun and games until black hats step in
ESET researchers have discovered a new sneaky malware threat named Joao, targeting gamers worldwide.
Malware found lurking behind every app at alternative Android store
ESET researchers have discovered an Android app store distributing malware on a mass scale.
Stantinko: A massive adware campaign operating covertly since 2012
Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.
Web‑hosting firm agrees to pay over $1 million to ransomware extortionists
A variant of the Erebus ransomware has hit a South Korean web hosting company hard, and disrupted the websites of thousands of businesses.
Industroyer: ICS protocols were developed decades ago with no security in mind
Senior ESET malware researcher Robert Lipovsky discusses Industroyer, the biggest threat to Industrial Control Systems (ICS) since Stuxnet.
Seven years after Stuxnet: Industrial systems security once again in the spotlight
Seven years after Stuxnet first came to light, industrial systems security once again in the spotlight, reports ESET's Robert Lipovsky.
Industroyer: Biggest threat to industrial control systems since Stuxnet
ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.
Botnets overshadowed by ransomware (in media)
Regardless of how prominent and effective ransomware appears to be, it is not the most dangerous form of malware.
Sednit adds two zero‑day exploits using ‘Trump’s attack on Syria’ as a decoy
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
Malware warning for Mac users, after HandBrake mirror download server hacked
A mirror download server for the popular tool HandBrake video file-transcoding app has been compromised by hackers, who replaced its Mac edition with malware.
Fake Chrome extensions inject code into web pages
Recently, here at our research lab, we have seen an increase in the number of JS/Chromex.Submelius threats detected, says Camilo Gutiérrez Amaya.
Linux Shishiga malware using LUA scripts
The usage of the BitTorrent protocol and Lua modules separates Linux/Shishiga from other types of malware, according to analysis by ESET.
Turn the light on and give me your passwords!
ESET researchers have discovered another banking trojan on Google Play targeting Android users – this time disguised as a Flashlight widget.
Top tip for botnet overlords: Don’t vacation in countries that can extradite you to the United States
There's no doubt that a life of cybercrime can earn its most successful overlords a considerable amount of money, but you will always have to live with the fear that you could be apprehended and - if convicted - spend years in prison.
Sathurbot: Distributed WordPress password attack
This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.