Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds
Research
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia
ESET Research uncovered a campaign by APT group Tick against a data-loss prevention company in East Asia and found a previously unreported tool used by the group
Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials
ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information
MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT
ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol
BlackLotus UEFI bootkit: Myth confirmed
The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality
ESET Research Podcast: Ransomware trashed data, Android threats soared in T3 2022
And that’s just the tip of the iceberg when it comes to the trends that defined the cyberthreat landscape in the final four months of 2022.
A year of wiper attacks in Ukraine
ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022
WinorDLL64: A backdoor from the vast Lazarus arsenal?
The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group
These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia
ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results
ESET Threat Report T3 2022
A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
ESET APT Activity Report T3 2022
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022
SwiftSlicer: New destructive wiper malware strikes Ukraine
Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country
Introducing IPyIDA: A Python plugin for your reverse‑engineering toolkit
ESET Research announces IPyIDA 2.0, a Python plugin integrating IPython and Jupyter Notebook into IDA
StrongPity espionage campaign targeting Android users
ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer
Fantasy – a new Agrius wiper deployed through a supply‑chain attack
ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry
Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group
RansomBoggs: New ransomware targeting Ukraine
ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it
Bahamut cybermercenary group targets Android users with fake VPN apps
Malicious apps used in this active campaign exfiltrate contacts, SMS messages, recorded phone calls, and even chat messages from apps such as Signal, Viber, and Telegram
ESET APT Activity Report T2 2022
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022