DanaBot updated with new C&C communication
ESET researchers have discovered new versions of the DanaBot Trojan, updated with a more complicated protocol for C&C communication and slight modifications to architecture and campaign IDs
Research
Expert content, for researchers by researchersResearch
“Love you” malspam gets a makeover for massive Japan‑targeted campaign
ESET researchers have detected a substantial new wave of the “Love you” malspam campaign, updated to target Japan and spread GandCrab 5.1
Russia hit by new wave of ransomware spam
Among the increased number of malicious JavaScript email attachments observed in January 2019, ESET researchers have spotted a large wave of ransomware-spreading spam targeting Russian users
Android Trojan steals money from PayPal accounts even with 2FA on
ESET researchers discovered a new Android Trojan using a novel Accessibility-abusing technique that targets the official PayPal app, and is capable of bypassing PayPal’s two-factor authentication
DanaBot evolves beyond banking Trojan with new spam‑sending capability
ESET research shows that DanaBot operators have been expanding the malware’s scope and possibly cooperating with another criminal group
The Dark Side of the ForSSHe
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
3ve – Major online ad fraud operation disrupted
International law enforcement swoops on fake ad viewing outfit
Sednit: What’s going on with Zebrocy?
In August 2018, Sednit’s operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats
OceanLotus: New watering hole attack in Southeast Asia
ESET researchers identified 21 distinct websites that had been compromised including some particularly notable government and media sites
Emotet launches major new spam campaign
The recent spike in Emotet activity shows that it remains an active threat
Supply‑chain attack on cryptocurrency exchange gate.io
Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange
Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users
VestaCP compromised in a new supply‑chain attack
Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS
GreyEnergy: Updated arsenal of one of the most dangerous threat actors
ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks
New TeleBots backdoor: First evidence linking Industroyer to NotPetya
ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe
DanaBot shifts its targeting to Europe, adds new features
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries
Fake finance apps on Google Play target users from around the world
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange
Kodi add‑ons launch cryptomining campaign
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware
PowerPool malware exploits ALPC LPE zero‑day vulnerability
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure