ESET Threat Report Q1 2020
A view of the Q1 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Research
Expert content, for researchers by researchersResearch
Grandoreiro: How engorged can an EXE get?
Another in our occasional series demystifying Latin American banking trojans
Following ESET’s discovery, a Monero mining botnet is disrupted
ESET researchers discover, and play a key role in the disruption of, a 35,000-strong botnet spreading in Latin America via compromised USB drives
Serious flaws found in multiple smart home hubs: Is your device among them?
In worst-case scenarios, some vulnerabilities could even allow attackers to take control over the central units and all peripheral devices connected to them
Stantinko’s new cryptominer features unique obfuscation techniques
ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet
Tracking Turla: New backdoor delivered via Armenian watering holes
Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.
Guildma: The Devil drives electric
The fourth installment of our occasional series demystifying Latin American banking trojans
KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices
ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices
Winnti Group targeting universities in Hong Kong
ESET researchers uncover a new campaign of the Winnti Group targeting universities and using ShadowPad and Winnti malware
It’s time to disconnect RDP from the internet
Brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connections; ESET releases a tool to test your Windows machines for vulnerable versions
Stantinko botnet adds cryptomining to its pool of criminal activities
ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique
Mispadu: Advertisement for a discounted Unhappy Meal
Another in our occasional series demystifying Latin American banking trojans
Tracking down the developer of Android adware affecting millions of users
ESET researchers discovered a year-long adware campaign on Google Play and tracked down its operator. The apps involved, installed eight million times, use several tricks for stealth and persistence.
Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor
Notorious cyberespionage group debases MSSQL
Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser
ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers
What was wrong with Alexa? How Amazon Echo and Kindle got KRACKed
ESET Smart Home Research Team uncovers Echo, Kindle versions vulnerable to 2017 Wi-Fi vulnerabilities
Operation Ghost: The Dukes aren’t back – they never left
ESET researchers describe recent activity of the infamous espionage group, the Dukes, including three new malware families
Connecting the dots: Exposing the arsenal and methods of the Winnti Group
New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks
ESET discovers Attor, a spy platform with curious GSM fingerprinting
ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users