ESET Threat Report Q3 2020
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Research
Expert content, for researchers by researchersResearch
ESET takes part in global operation to disrupt Trickbot
Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort
XDSpy: Stealing government secrets since 2011
ESET researchers uncover a new APT group that has been stealing sensitive documents from several governments in Eastern Europe and the Balkans since 2011
LATAM financial cybercrime: Competitors‑in‑crime sharing TTPs
ESET researchers discover surprisingly many indicators of close cooperation among Latin American banking trojans’ authors
APT‑C‑23 group evolves its Android spyware
ESET researchers uncover a new version of Android spyware used by the APT-C-23 threat group against targets in the Middle East
Who is calling? CDRThief targets Linux VoIP softswitches
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches
KryptoCibule: The multitasking multicurrency cryptostealer
ESET researchers analyze a previously undocumented trojan that is spread via malicious torrents and uses multiple tricks to squeeze cryptocoins from its victims while staying under the radar
Grandoreiro banking trojan impersonates Spain’s tax agency
Beware the tax bogeyman – there are tax scams aplenty
Mekotio: These aren’t the security updates you’re looking for…
Another in our occasional series demystifying Latin American banking trojans
Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought
Thunderspy attacks: What they are, who’s at greatest risk and how to stay safe
All you need to know about preventing adversaries from exploiting the recently disclosed vulnerabilities in the Thunderbolt interface
ESET Threat Report Q2 2020
A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Mac cryptocurrency trading application rebranded, bundled with malware
ESET researchers lure GMERA malware operators to remotely control their Mac honeypots
Welcome Chat as a secure messaging app? Nothing could be further from the truth
ESET research uncovers a malicious operation that both spies on victims and leaks their data
More evil: A deep look at Evilnum and its toolset
ESET research gives a detailed picture of the operations of the Evilnum group and its toolkit deployed in attacks against carefully chosen targets in the fintech sector
Remote access at risk: Pandemic pulls more cyber‑crooks into the brute‑forcing game
Poorly secured remote access attracts mostly ransomware gangs, but can provide access to coin miners and backdoors too
New ransomware posing as COVID‑19 tracing app targets Canada; ESET offers decryptor
ESET researchers dissect an Android app that masquerades as an official COVID-19 contact-tracing app and encrypts files on the victim's device
Digging up InvisiMole’s hidden arsenal
ESET researchers reveal the modus operandi of the elusive InvisiMole group, including newly discovered ties with the Gamaredon group
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies
ESET researchers uncover targeted attacks against high-profile aerospace and military companies