Robert Lipovsky

Trojans that encrypt user files and try to extort a ransom from the victim in exchange for a decryptor utility are nothing new. We’ve noted a significant increase in Filecoder activity over the past few summer months - in this blog post we address the questions we’re getting about this issue.

In this 3rd Hesperbot blog post we’ll look at the most intriguing part of the malware - the way it handles network traffic interception.

Win32/Spy.Hesperbot is a new banking trojan that has been targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. For more information about its malware spreading campaigns and victims, refer to our first blog post. In this post we’ll cover the technical details of the malware, including the overall architecture, as well as the mobile component.

A new and effective banking trojan has been discovered targeting online banking users in Turkey, the Czech Republic, Portugal and the United Kingdom. It uses very credible-looking phishing-like campaigns, related to trustworthy organizations, to lure victims into running the malware.

Bitcoin is not the only crypto-currency targeted by malware now that a Trojan designed to steal Litecoins has been discovered. In this post we review recent discoveries in malware impacting digital money.

ESET’s Security Research Lab details a malware-spreading campaign leveraging the deadline for tax returns in Slovakia and examines a case of infection where a bank's two-factor authentication prevented financial loss.

The ‘PokerAgent’ botnet, which we have tracked in 2012, was designed to harvest Facebook log-on credentials, also collecting information on credit card details linked to the Facebook account and Zynga Poker player stats, presumably with the intention to mug the victims.