VestaCP compromised in a new supply‑chain attack
Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS
Research
Expert content, for researchers by researchersResearch
GreyEnergy: Updated arsenal of one of the most dangerous threat actors
ESET research reveals a successor to the infamous BlackEnergy APT group targeting critical infrastructure, quite possibly in preparation for damaging attacks
New TeleBots backdoor: First evidence linking Industroyer to NotPetya
ESET’s analysis of a recent backdoor used by TeleBots – the group behind the massive NotPetya ransomware outbreak – uncovers strong code similarities to the Industroyer main backdoor, revealing a rumored connection that was not previously proven
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe
DanaBot shifts its targeting to Europe, adds new features
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries
Fake finance apps on Google Play target users from around the world
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange
Kodi add‑ons launch cryptomining campaign
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware
PowerPool malware exploits ALPC LPE zero‑day vulnerability
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure
Turla: In and out of its unique Outlook backdoor
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails
Fake banking apps on Google Play leak stolen credit card data
Fraudsters are using bogus apps to convince users of three Indian banks to divulge their personal data
A deep dive down the Vermin RAThole
ESET researchers have analyzed remote access tools cybercriminals have been using in an ongoing espionage campaign to systematically spy on Ukrainian government institutions and exfiltrate data from their systems
Ammyy Admin compromised with malware again; World Cup used as cover
Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen
Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan
New Telegram‑abusing Android RAT discovered in the wild
Entirely new malware family discovered by ESET researchers
Phishing anniversary: Here’s a free $50/month subscription
Adidas “prize” used as bait in attempt to lure people into biting
Android users: Beware these popularity‑faking tricks on Google Play
Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers
InvisiMole: Surprisingly equipped spyware, undercover since 2013
Hunting for secrets from high-profile targets while staying in the shadows
BackSwap malware finds innovative ways to empty bank accounts
ESET researchers have discovered a piece of banking malware that employs a new technique to bypass dedicated browser protection measures
Turla Mosquito: A shift towards more generic tools
ESET researchers have observed a significant change in the campaign of the infamous espionage group
A tale of two zero‑days
Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets