DownAndExec: Banking malware utilizes CDNs in Brazil

Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, CDNs may be becoming a new way of spreading malware.

New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group.

Stantinko: A massive adware campaign operating covertly since 2012

Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.

Analysis of TeleBots’ cunning backdoor

This article reveals details about the initial infection vector that was used during the DiskCoder.C outbreak.

TeleBots are back: Supply-chain attacks against Ukraine

This blogpost reveals many details about the Diskcoder.C (aka ExPetr or NotPetya) outbreak and related information about previously unpublished attacks.

Birthday Reminder looks benign but the devil’s in the details: Hooks DNS, serves dodgy ads

The strange behavior of a simple Windows application caught our attention and sparked the analysis by ESET of a previously undocumented malware.

Industroyer: Biggest threat to industrial control systems since Stuxnet

ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.

Turla’s watering hole campaign: An updated Firefox extension abusing Instagram

The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure.

Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy

Sednit is back – this time with two more zero-day exploits embedded in a phishing email titled Trump’s_Attack_on_Syria_English.docx.

Linux Shishiga malware using LUA scripts

The usage of the BitTorrent protocol and Lua modules separates Linux/Shishiga from other types of malware, according to analysis by ESET.

Real or virtual currency? Scammers accept both

ESET researchers have discovered and reported scammers stealing PayPal and Paxful credentials disguised as a tool for YouTube monetization, and a bitcoin trading marketplace.

Sathurbot: Distributed WordPress password attack

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.

Carbon Paper: Peering into Turla’s second stage backdoor

The Turla espionage group has been targeting various institutions for many years. Recently, ESET found several new versions of Carbon.

If you download Minecraft mods from Google Play, read on …

ESET researchers have discovered 87 malicious apps on Google Play disguised as mods for Minecraft.

New Instagram credential stealers discovered on Google Play

ESET researchers discovered 13 new Instagram credential stealers on Google Play and looked into the motivations behind their fraudulent schemes.

Aggressive ad-displaying Google Play app tricks users into leaving high ratings

ESET researchers have observed an increased number of apps on Google Play using social engineering techniques to boost their ratings, ranging from legitimate apps, through adware to malware.

Released Android malware source code used to run a banking botnet

ESET researchers have discovered a new variant of botnet-forming Android banking malware based on source code made public a couple of months ago.

Sunny with a chance of stolen credentials: Malicious weather app found on Google Play

ESET has spotted a new banking malware on Google Play. Disguised as a weather forecast app, it steals banking credentials and locks screens.

New crypto-ransomware hits macOS

This last month we have seen a new ransomware for Mac. Written in Swift, it is distributed on a BitTorrent distribution site as a “Patcher” for pirating popular software.

Demystifying targeted malware used against Polish banks

The purpose of this blog is to deliver technical details of an as-yet minimally documented malware that has made headlines in Poland.

Copyright © 2018 ESET, All Rights Reserved.