Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Research
Expert content, for researchers by researchersResearch
Beware ad slingers thinly disguised as security apps
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.
Lazarus KillDisks Central American casino
The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.
Pingu Cleans Up: Subscription scam on Google Play
The game was uploaded to Google Play and attempted to trick users into unwittingly signing up for a weekly paid subscription
The Last Windows XP Security White Paper
Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer
Glupteba is no longer part of Windigo
Latest ESET research strongly suggests that Glupteba is no longer tied to the infamous Operation Windigo.
Dangerous malware stealing bitcoin hosted on Download.com for years
ESET researchers dicovered that Trojanized applications used to steal bitcoin were hosted inadvertently by the popular website download.cnet.com.
OceanLotus ships new backdoor using old tricks
To smuggle the backdoor onto a targeted machine, the group uses a two-stage attack whereby a dropper package first gains a foothold on the system and sets the stage for the backdoor itself. This process involves some trickery commonly associated with targeted operations of this kind.
New traces of Hacking Team in the wild
Since being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world. The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone.
Cryptocurrency scams on Android: do you know what to watch out for?
The recent rise in cryptocurrency scams appearing on the Android platform in disguise has shown that such incidents are not exclusive to PCs and also highlight the importance of knowing what to look out for so you do not unintentionally take part.
Privacy by Design: Can you create a safe smart home?
The Internet of Things (IoT) can be a network of connected convenience but this should not come at the expense of safeguarding your privacy and the personal data that connected devices collect and share.
Android ransomware in 2017: Innovative infiltration and rougher extortion
Ransomware in 2017 saw users and businesses across the globe trying to cope with campaigns such as Petya and WannaCryptor. Not to be outdone, Android ransomware had a year full of innovative infiltration and rougher extortion as highlighted by the latest ESET research whitepaper.
FriedEx: BitPaymer ransomware the work of Dridex authors
ESET research has found that the ransomware FriedEx, also known as BitPaymer, is actually the work of the notorious gang responsible for the Dridex banking trojan.
ESET’s guide makes it possible to peek into FinFisher
To help malware analysts and security researchers overcome FinFisher’s advanced anti-disassembly obfuscation and virtualization features, ESET researchers have framed some clever tricks into a whitepaper, “ESET’s guide to deobfuscating and devirtualizing FinFisher”.
ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash Player installer
In order to establish persistence on the system, the installer tampers with the operating system’s registry. It also creates an administrative account that allows remote access.
Sednit update: How Fancy Bear Spent the Year
Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.
Memes: the explanation of nearly everything – including computer viruses
We still don’t have a solid scientific theory of memes; nonetheless, they already allow us to understand why certain things happen the way they do. Memes are “alive”; they reproduce, mutate, and evolve according to Darwinian laws.
Banking malware on Google Play targets Polish banks
Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.
StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved?
As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.
ESET takes part in global operation to disrupt Gamarue
Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.