Fake finance apps on Google Play target users from around the world
Cybercrooks use bogus apps to phish six online banks and a cryptocurrency exchange
Research
Expert content, for researchers by researchersResearch
Kodi add‑ons launch cryptomining campaign
ESET researchers have discovered several third-party add-ons for the popular open-source media player Kodi being used to distribute Linux and Windows cryptocurrency-mining malware
PowerPool malware exploits ALPC LPE zero‑day vulnerability
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure
Turla: In and out of its unique Outlook backdoor
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails
Fake banking apps on Google Play leak stolen credit card data
Fraudsters are using bogus apps to convince users of three Indian banks to divulge their personal data
A deep dive down the Vermin RAThole
ESET researchers have analyzed remote access tools cybercriminals have been using in an ongoing espionage campaign to systematically spy on Ukrainian government institutions and exfiltrate data from their systems
Ammyy Admin compromised with malware again; World Cup used as cover
Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen
Certificates stolen from Taiwanese tech‑companies misused in Plead malware campaign
D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan
New Telegram‑abusing Android RAT discovered in the wild
Entirely new malware family discovered by ESET researchers
Phishing anniversary: Here’s a free $50/month subscription
Adidas “prize” used as bait in attempt to lure people into biting
Android users: Beware these popularity‑faking tricks on Google Play
Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers
InvisiMole: Surprisingly equipped spyware, undercover since 2013
Hunting for secrets from high-profile targets while staying in the shadows
BackSwap malware finds innovative ways to empty bank accounts
ESET researchers have discovered a piece of banking malware that employs a new technique to bypass dedicated browser protection measures
Turla Mosquito: A shift towards more generic tools
ESET researchers have observed a significant change in the campaign of the infamous espionage group
A tale of two zero‑days
Double zero-day vulnerabilities fused into one. A mysterious sample enables attackers to execute arbitrary code with the highest privileges on intended targets
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak
The infamous outbreak may no longer be causing mayhem worldwide but the threat that enabled it is still very much alive and posing a major threat to unpatched and unprotected systems
Inside fake Interac transfer and tax refund SMS phishing
It’s tax season in Canada and scammers are using fake tax refund forms to lure victims into supplying their personal information via phishing pages
Sednit update: Analysis of Zebrocy
Zebrocy heavily used by the Sednit group over last two years
Beware ad slingers thinly disguised as security apps
ESET researchers have analyzed a newly discovered set of apps on Google Play, Google's official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.
Lazarus KillDisks Central American casino
The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.