ESET Security

Shedding light on AceCryptor and its operation

Since AceCryptor first appeared in 2016, many malware authors have used this cryptor's services, including the best-known crimeware families such as Emotet, back when it didn't use its own cryptor.

You may not care where you download software from, but malware does

Even though security practitioners commonly advise people to download software only from reputable sites, people still download files from distinctly non-reputable places and get compromised as a result.

Evasive Panda APT Group Delivers Malware via Updates for Popular Chinese Software

ESET Research uncovered a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software.

Linux Malware Strengthens Links Between Lazarus APT and the 3CX Supply Chain Attack

Researchers were able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy, up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloud storage account.

Discarded, not destroyed: Old routers reveal corporate secrets

In the wrong hands, the data gleaned from the devices – including customer data, router-to-router authentication keys, application lists, and much more – is enough to launch a cyberattack.

Trojanized WhatsApp and Telegram Apps Go After Victims' Cryptocurrency Wallets

Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows. The malware can switch cryptocurrency wallet addresses sent in chat messages with attackers' wallet addresses.
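The address-swapping trick described above, as an added example that is not ESET's or the malware's own code: a minimal clipper-style substitution that finds Bitcoin and Ethereum addresses in a chat message with regular expressions and replaces them with attacker-controlled ones, paired with the check a defender can run by comparing the message a sender typed against the copy the recipient actually received. The sample message, the "attacker" addresses, and the function and pattern names are all constructed for this illustration.

```python
import re

# Constructed sample message. Both addresses are well-known public test vectors,
# not anyone's funds.
SAMPLE_MESSAGE = (
    "Send the payment to 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2 "
    "or ETH 0x52908400098527886E0F7030069857D2E4169EE7 by Friday."
)

# Hypothetical attacker-controlled addresses, one per address family the
# clipper knows how to recognise (constructed for this example).
ATTACKER_ADDRESSES = {
    "btc_legacy": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    "eth": "0x" + "ab" * 20,
}

# Address formats a clipper typically looks for. Order matters only for
# readability: the character sets and prefixes do not overlap.
ADDRESS_PATTERNS = {
    # bech32 (bc1...) uses a 32-symbol alphabet without 1, b, i, o
    "btc_bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{39,59}\b"),
    # base58 legacy / P2SH addresses exclude 0, O, I and l
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    # 20-byte hex with 0x prefix
    "eth": re.compile(r"\b0x[a-fA-F0-9]{40}\b"),
}


def find_addresses(text):
    """Return (kind, address) tuples in order of appearance in the text."""
    hits = []
    for kind, pattern in ADDRESS_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((match.start(), kind, match.group(0)))
    return [(kind, addr) for _, kind, addr in sorted(hits)]


def clip_addresses(text, substitutes):
    """What the clipper does: swap every recognised address for the attacker's
    address of the same kind. Kinds without a substitute are left untouched."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if kind in substitutes:
            text = pattern.sub(lambda _m, k=kind: substitutes[k], text)
    return text


def detect_swaps(sent, received):
    """Defender's check: compare the addresses the sender typed with the ones
    the recipient sees. Returns (kind, sent_addr, received_addr) for each
    address that changed in transit; an empty list means no tampering."""
    sent_addrs = find_addresses(sent)
    recv_addrs = find_addresses(received)
    if len(sent_addrs) != len(recv_addrs):
        raise ValueError("address count differs between sent and received copies")
    return [
        (kind, s, r)
        for (kind, s), (_, r) in zip(sent_addrs, recv_addrs)
        if s != r
    ]


if __name__ == "__main__":
    tampered = clip_addresses(SAMPLE_MESSAGE, ATTACKER_ADDRESSES)
    print("original :", SAMPLE_MESSAGE)
    print("tampered :", tampered)
    for kind, before, after in detect_swaps(SAMPLE_MESSAGE, tampered):
        print(f"{kind}: {before} -> {after}")
```

The point of the example is how little the attacker needs: address formats are regular enough that a handful of regular expressions catch nearly every address a victim will paste, and the substitution is invisible inside the trojanized client because the sender's own screen can still show the original. The only reliable defence is to confirm the address over a channel the malware does not control, which is what `detect_swaps` models by comparing the sender's and recipient's copies.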

Transparent Tribe Lures Indian and Pakistani Officials With Romance Scam to Spread Malware

ESET researchers have identified an active Transparent Tribe campaign, targeting mostly Indian and Pakistani Android users – presumably with a military or political orientation.

Mustang Panda’s Latest 'MQsTTang' Backdoor Treads New Ground With Qt and MQTT

This backdoor is part of an ongoing campaign that researchers can trace back to early January 2023. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.

WinorDLL64: A backdoor from the vast Lazarus arsenal?

The WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands.

Operation LiberalFace Targeted Japanese Political Entities Before Elections

ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer.
