Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
Notorious cyberespionage group debases MSSQL
Research
Expert content, for researchers by researchersResearch
Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser
ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers
What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed
ESET Smart Home Research Team uncovers Echo, Kindle versions vulnerable to 2017 Wi-Fi vulnerabilities
Operation Ghost: The Dukes aren’t back – they never left
ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families
Connecting the dots: Exposing the arsenal and methods of the Winnti Group
New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks
ESET discovers Attor, a spy platform with curious GSM fingerprinting
ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users
Needles in a haystack: Picking unwanted UEFI components out of millions of samples
ESET experts describe how they trained a machine-learning model to recognize a handful of unwanted UEFI components within a flood of millions of harmless samples
Casbaneiro: Dangerous cooking with a secret ingredient
Número dois in our series demystifying Latin American banking trojans
No summer vacations for Zebrocy
ESET researchers describe the latest components used in a recent Sednit campaign
ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group
ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East
First‑of‑its‑kind spyware sneaks into Google Play
ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice
In the Balkans, businesses are under fire from a double‑barreled weapon
ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers
Varenyky: Spambot à la Française
ESET researchers document malware-distributing spam campaigns targeting people in France
Sharpening the Machete
ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions
From Carnaval to Cinco de Mayo – The journey of Amavaldo
The first in an occasional series demystifying Latin American banking trojans
Android ransomware is back
ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks
With FaceApp in the spotlight, new scams emerge
ESET researchers discover fraudulent schemes piggybacking on the popularity of the face-modifying tool FaceApp, using a fake “Pro” version of the application as a lure
Okrum: Ke3chang group targets diplomatic missions
Tracking the malicious activities of the elusive Ke3chang APT group, ESET researchers have discovered new versions of malware families linked to the group, and a previously unreported backdoor
Buhtrap group uses zero‑day in latest espionage campaigns
ESET research reveals notorious crime group also conducting espionage campaigns for the past five years
Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks
ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows