ESET Research

Zebrocy heavily used by the Sednit group over last two years

Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.

Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.

DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them - a combination that has not been seen previously in the Android ecosystem.

We are halfway through the year and it is a good opportunity to analyze the extent to which the ideas we gathered in the Trends 2017: Security Held Ransom report have come true.

Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.

The usage of the BitTorrent protocol and Lua modules separates Linux/Shishiga from other types of malware, according to analysis by ESET.

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.

The Turla espionage group has been targeting various institutions for many years. Recently, ESET found several new versions of Carbon.