OSX/Proton spreading again through supply-chain attack
Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.
Research
Expert content, for researchers by researchersResearch
DoubleLocker: Innovative Android Ransomware
DoubleLocker can change the device’s PIN, preventing victims from accessing their devices, and also encrypts the data it finds in them - a combination that has not been seen previously in the Android ecosystem.
Money-making machine: Monero-mining malware
While far behind Bitcoin in market capitalization, Monero has several features that make it a very attractive cryptocurrency to be mined by malware.
BankBot trojan returns to Google Play with new tricks
The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of the user.
New FinFisher surveillance campaigns: Internet providers involved?
FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments.
Cryptocurrency web mining: In union there is profit
Cryptocurrency mining has been used by cybercriminals to make a quick and easy profit while corrupting the victim’s machine in the process.
DownAndExec: Banking malware utilizes CDNs in Brazil
Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage. However, the CDNs might be becoming a new way of spreading malware.
New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group.
Stantinko: A massive adware campaign operating covertly since 2012
Since the beginning of 2017, ESET has been conducting an investigation into a complex threat mainly targeting Russia and Ukraine. Stantinko has stood out.
Analysis of TeleBots’ cunning backdoor
This article reveals details about the initial infection vector that was used during the DiskCoder.C outbreak.
TeleBots are back: Supply-chain attacks against Ukraine
This blogpost reveals many details about the Diskcoder.C (aka ExPetr or NotPetya) outbreak and related information about previously unpublished attacks.
Birthday Reminder looks benign but the devil’s in the details: Hooks DNS, serves dodgy ads
The strange behavior of a simple Windows application caught our attention and sparked the analysis by ESET of a previously undocumented malware.
Industroyer: Biggest threat to industrial control systems since Stuxnet
ESET has analyzed a sophisticated and extremely dangerous malware, known as Industroyer, which is designed to disrupt critical industrial processes.
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
The Turla espionage group is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure.
Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy
Sednit is back - this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx.
Linux Shishiga malware using LUA scripts
The usage of the BitTorrent protocol and Lua modules separates Linux/Shishiga from other types of malware, according to analysis by ESET.
Real or virtual currency? Scammers accept both
ESET researchers have discovered and reported scammers stealing PayPal and Paxful credentials disguised as a tool for YouTube monetization, and a bitcoin trading marketplace.
Sathurbot: Distributed WordPress password attack
This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.
Carbon Paper: Peering into Turla’s second stage backdoor
The Turla espionage group has been targeting various institutions for many years. Recently, ESET found several new versions of Carbon.
If you download Minecraft mods from Google Play, read on …
ESET researchers have discovered 87 malicious apps on Google Play disguised as mods for Minecraft.