Robert Lipovsky

ESET has discovered a new wave of cyberattacks attacks against Ukraine's electric power industry. Interesting, the malware that was used is not BlackEnergy.

The recent attacks on the electrical power industry in Ukraine are connected to attacks on the media and to targeted cyber-espionage attacks against Ukrainian governmental agencies.

Every now and again, ESET comes across an attack that "stands out". Odlanor malware fits that bill - this unique trojan targets players of online poker.

Operation Patao Express – Attackers spying on high-value targets in Ukraine, Russia and Belarus, and their TrueCrypt-encrypted data.

Over 500,000 Android users targeted by phishing apps harvesting their Facebook credentials. ESET detects these trojans as Android/Spy.Feabme.A.

Win32/VirLock is ransomware that locks victims’ screens but also acts as parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such combination of malware features has been observed.

After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one

In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.

State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.