Czech Mobile Users Targeted in New Banking Credential Theft Scheme

August 20, 2024 at 04:21PM A novel phishing campaign in the Czech Republic targets mobile users through Progressive Web Applications to steal banking account credentials from banks such as CSOB, OTP, and TBC. The phishing websites are distributed through voice calls, SMS, and social media. The attack is notable for deceiving users into installing PWAs …

Telegram Zero-Day Enabled Malware Delivery

July 23, 2024 at 08:15AM ESET has warned of a zero-day exploit affecting Telegram for Android, allowing threat actors to distribute malicious files disguised as videos. The vulnerability, dubbed EvilVideo, auto-downloads payloads containing APK files presented as multimedia previews. Users are advised to update their app to version 10.14.5 to address this issue. Based on …

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

May 15, 2024 at 09:07AM An unnamed European Ministry of Foreign Affairs and its three diplomatic missions in the Middle East were targeted by two new backdoors, LunarWeb and LunarMail, attributed with medium confidence to the Russia-aligned cyberespionage group Turla. The backdoors use HTTP(S) and email messages for their communication, and appear to have been …

Ebury botnet malware infected 400,000 Linux servers since 2009

May 14, 2024 at 12:37PM Summary: Ebury, a malware botnet, has infected nearly 400,000 Linux servers since 2009, with around 100,000 still compromised in late 2023. ESET researchers have tracked the financially motivated operation for over a decade, observing updates in its capabilities. Recent tactics involve breaching hosting providers, stealing credentials, exploiting vulnerabilities, and employing …

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

February 5, 2024 at 08:45AM Patchwork used romance scam lures to distribute the VajraSpy trojan in India and Pakistan. ESET uncovered 12 espionage apps, including some on Google Play, infecting over 1,400 devices. The malware steals various data and was spread through fake messaging apps. This isn’t the first time for Patchwork, which has targeted similar …

Google Play Used to Spread ‘Patchwork’ APT’s Espionage Apps

February 2, 2024 at 10:44AM The Indian APT group Patchwork used six Android espionage applications on Google Play, masquerading as messaging and news services, to distribute the VajraSpy remote access Trojan. ESET researchers found the RAT intercepts calls and messages, extracts WhatsApp and Signal messages, records calls, and takes pictures. The campaign primarily targeted Pakistani users …

Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives

January 30, 2024 at 12:30PM Brazilian law enforcement arrested several operators of the Grandoreiro malware in a recent operation. Slovak cybersecurity firm ESET assisted in uncovering a design flaw in Grandoreiro’s network protocol. The banking trojan targets Latin American countries and has the ability to steal data and control infected devices remotely. The operation aimed …

New Bandook RAT Variant Resurfaces, Targeting Windows Machines

January 5, 2024 at 01:27AM A new variant of the Bandook trojan is being spread through phishing attacks, targeting Windows machines. The malware is distributed via a PDF file embedding a link to a password-protected .7z archive. After extraction, the malware injects its payload into msinfo32.exe. This off-the-shelf malware can remotely control infected systems and …

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

December 28, 2023 at 01:54AM A new malware loader, Win/TrojanDownloader.Rugmi, is being used to distribute various information stealers like Lumma Stealer, Vidar, and RecordBreaker. ESET reports a spike in Rugmi loader detections in late 2023. Stealer malware, like Lumma, is sold as a service, utilizing various distribution methods including leveraging Discord’s content delivery network. McAfee …

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

December 14, 2023 at 08:00AM OilRig, an Iranian cyber espionage group, has deployed three new downloader malware named ODAgent, OilCheck, and OilBooster to maintain access to victim organizations in Israel. These lightweight downloaders use legitimate cloud service APIs for command-and-control communication, aiming to blend with authentic network traffic. The targets include healthcare, manufacturing, and governmental …