A deep dive down the Vermin RAThole
ESET researchers have analyzed remote access tools cybercriminals have been using in an ongoing espionage campaign to systematically spy on Ukrainian government institutions and exfiltrate data from their systems
Research
Expert content, for researchers by researchersResearch
Ammyy Admin compromised with malware again; World Cup used as cover
Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen
Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign
D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan
New Telegram-abusing Android RAT discovered in the wild
Entirely new malware family discovered by ESET researchers
Phishing anniversary: Here’s a free $50/month subscription
Adidas “prize” used as bait in attempt to lure people into biting
Android users: Beware these popularity-faking tricks on Google Play
Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers
InvisiMole: Surprisingly equipped spyware, undercover since 2013
Hunting for secrets from high-profile targets while staying in the shadows
BackSwap malware finds innovative ways to empty bank accounts
ESET researchers have discovered a piece of banking malware that employs a new technique to bypass dedicated browser protection measures
Turla Mosquito: A shift towards more generic tools
ESET researchers have observed a significant change in the campaign of the infamous espionage group
A tale of two zero-days
Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak
The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems
Inside fake Interac transfer and tax refund SMS phishing
It’s tax season in Canada and scammers are using fake tax refund forms to lure victims into supplying their personal information via phishing pages
Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Beware ad slingers thinly disguised as security apps
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.
Lazarus KillDisks Central American casino
The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.
Pingu Cleans Up: Subscription scam on Google Play
The game was uploaded to Google Play and attempted to trick users into unwittingly signing up for a weekly paid subscription
The Last Windows XP Security White Paper
Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer
Glupteba is no longer part of Windigo
Latest ESET research strongly suggests that Glupteba is no longer tied to the infamous Operation Windigo.
Dangerous malware stealing bitcoin hosted on Download.com for years
ESET researchers dicovered that Trojanized applications used to steal bitcoin were hosted inadvertently by the popular website download.cnet.com.
OceanLotus ships new backdoor using old tricks
To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind.