First‑of‑its‑kind spyware sneaks into Google Play
ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice
Research
Expert content, for researchers by researchersResearch
In the Balkans, businesses are under fire from a double‑barreled weapon
ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers
Varenyky: Spambot à la Française
ESET researchers document malware-distributing spam campaigns targeting people in France
Sharpening the Machete
ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions
From Carnaval to Cinco de Mayo – The journey of Amavaldo
The first in an occasional series demystifying Latin American banking trojans
Android ransomware is back
ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks
With FaceApp in the spotlight, new scams emerge
ESET researchers discover fraudulent schemes piggybacking on the popularity of the face-modifying tool FaceApp, using a fake “Pro” version of the application as a lure
Okrum: Ke3chang group targets diplomatic missions
Tracking the malicious activities of the elusive Ke3chang APT group, ESET researchers have discovered new versions of malware families linked to the group, and a previously unreported backdoor
Buhtrap group uses zero‑day in latest espionage campaigns
ESET research reveals notorious crime group also conducting espionage campaigns for the past five years
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows
Malicious campaign targets South Korean users with backdoor‑laced torrents
ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure
LoudMiner: Cross‑platform mining in cracked VST software
The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS
Malware sidesteps Google permissions policy with new 2FA bypass technique
ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions
Wajam: From start‑up to massively‑spread adware
How a Montreal-made "social search engine" application has managed to become widely-spread adware, while escaping consequences
A dive into Turla PowerShell usage
ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only
Fake cryptocurrency apps crop up on Google Play as bitcoin price rises
ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth
Patch now! Why the BlueKeep vulnerability is a big deal
What you need to know about the critical security hole that could enable the next WannaCryptor
A journey to Zebrocy land
ESET sheds light on commands used by the favorite backdoor of the Sednit group
EternalBlue reaching new heights since WannaCryptor outbreak
Attack attempts involving the exploit are in hundreds of thousands daily
Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software