ESET Flags Prototype UEFI Bootkit Targeting Linux

November 27, 2024 at 12:07PM ESET has identified a prototype UEFI bootkit, named Bootkitty, targeting specific Ubuntu Linux configurations, marking a shift from Windows-exclusive attacks. While still in development, Bootkitty aims to disable kernel signature verification, allowing unsigned modules to load. A related module, BCDropper, exhibits rootkit-like behavior. …

China-Backed MirrorFace Trains Sights on EU Diplomatic Corps

November 7, 2024 at 07:30PM The Chinese APT group MirrorFace has expanded its espionage activities into the European Union, utilizing SoftEther VPN. Previously known for interfering in Japanese elections, MirrorFace now targets diplomatic entities. Other China-backed groups are also adopting SoftEther VPN to avoid detection, indicating a rise in cyber espionage tactics in Europe. …

China-Backed APT Group Culling Thai Government Data

October 2, 2024 at 09:08PM CeranaKeeper, a China-aligned threat actor, has conducted large-scale data exfiltration in Southeast Asia. ESET researchers found that the group has been active since early 2022, using tools associated with Mustang Panda and exploiting file-sharing services. They breached Thai government systems and conducted extensive data harvesting, demonstrating rapid evolution and persistence. …

NFC Traffic Stealer Targets Android Users & Their Banking Info

August 22, 2024 at 05:08PM A new Android malware called NGate has emerged, capable of cloning contactless payment data from credit and debit cards and sending it to an attacker’s device for fraudulent transactions. Initially based on NFCgate, this malware leverages phishing and social engineering to steal banking information and execute fraudulent ATM transactions. …

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware

July 30, 2024 at 07:24AM Cybersecurity researchers uncovered widespread phishing campaigns targeting small and medium-sized businesses in Poland in May 2024, deploying malware like Agent Tesla, Formbook, and Remcos RAT. The attacks also targeted Italy and Romania. Using compromised accounts and servers, the campaigns utilized a malware loader called DBatLoader to deliver the final payloads, …

Attackers Exploit ‘EvilVideo’ Telegram Zero-Day to Hide Malware

July 23, 2024 at 12:29PM Telegram has addressed a zero-day flaw in older Android app versions that allowed attackers to hide malicious payloads in video files. ESET researchers discovered the flaw, “EvilVideo”, on a hacker forum. The exploit affected versions 10.14.4 and below; updates to version 10.14.5 and above fix the issue. Users should update immediately to …

Telegram zero-day allowed sending malicious Android APKs as videos

July 22, 2024 at 10:47AM The “EvilVideo” zero-day vulnerability in Telegram for Android allowed threat actors to send malicious APK payloads disguised as video files. ESET researchers discovered the flaw and notified Telegram, which released a patch in version 10.14.5. The exploit required multiple steps for execution, reducing the risk of successful attacks. Users …

Russian hackers use new Lunar malware to breach a European govt’s agencies

May 16, 2024 at 12:05PM Security researchers discovered two new backdoors, LunarWeb and LunarMail, used to compromise a European government’s diplomatic institutions abroad. The malware, linked to the Russian state-sponsored hacker group Turla, has been active since 2020. The backdoors allow for prolonged surveillance, data theft, and control over compromised systems, posing a serious security …

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

May 15, 2024 at 07:06AM Ebury, a sophisticated malware botnet, has compromised 400,000 Linux servers since 2009, with over 100,000 still affected as of late 2023. It is employed for various nefarious activities such as spam distribution, web traffic redirection, and credential theft, as well as cryptocurrency heists and credit card stealing. The threat actors …

More Android apps riddled with malware spotted on Google Play

February 1, 2024 at 02:11PM VajraSpy, an Android remote access trojan, was discovered in 12 apps, 6 of which were on Google Play. The malware stole personal data and targeted users primarily in Pakistan. ESET researchers linked it to the Patchwork APT group and advised against downloading obscure chat apps. The threat actors’ tactics continue …