ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with the open-source XploitSPY malware.Read More…
ESET researchers have identified 12 Android espionage apps that share the same malicious code; six were available on Google Play. All the observed applications were advertised as messaging tools, apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) codeRead More…
ESET researchers have observed alarming growth in deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are, in fact, designed to defraud usersRead More…
ESET researchers have discovered a new Lazarus Operation DreamJob campaign targeting Linux users. ESET Research was able to reconstruct the full chain, from the ZIP file that delivers a fake HSBC job offer as a decoy up until the final payload: the SimplexTea Linux backdoor distributed through an OpenDrive cloudRead More…
ESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps. Most of the malicious apps we identified are clippersRead More…
ESET researchers have analyzed a cyberespionage campaign distributing CapraRAT backdoors through trojanized and supposedly “secure” Android messaging apps that exfiltrate sensitive information.Read More…
ESET researchers are the first to publish an analysis of a UEFI bootkit that is capable of bypassing an essential platform security feature – UEFI Secure Boot. The functionality of the bootkit and its individual features make ESET Research believe that it is a threat known as BlackLotus,Read More…
ESET researchers discovered a new wiper and its execution tool, both attributed to the Iran-aligned Agrius APT group. The malware operators conducted a supply-chain attack abusing an Israeli software developer to deploy their new wiper, Fantasy, and a new lateral movement and Fantasy execution tool, Sandals.Read More…
ESET researchers analyzed a previously unreported sophisticated backdoor used by the ScarCruft APT group. The backdoor, which ESET named Dolphin, has a wide range of spying capabilities, including monitoring drives and portable devices,Read More…
ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens, and this new FurBall versionRead More…
ESET researchers discovered a previously unknown macOS backdoor that spies on users of compromised Macs and exclusively uses public cloud storage services to communicate back and forth with its operators.Read More…
André Lameiras, security writer at ESET takes a walk into his memory lane and goes back five years ago, when ESET researchers released their analysis of the first ever malware that was designed specifically to attack power gridsRead More…
