FreshRSS

WeLiveSecurity

BladedFeline: Whispering in the dark

June 5th 2025 at 09:00
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig
WeLiveSecurity

Danabot: Analyzing a fallen empire

May 22nd 2025 at 20:03
ESET Research shares its findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
WeLiveSecurity

ESET takes part in global operation to disrupt Lumma Stealer

May 21st 2025 at 16:15
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
WeLiveSecurity

ESET APT Activity Report Q4 2024–Q1 2025

May 19th 2025 at 08:55
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2024 and Q1 2025
WeLiveSecurity

Operation RoundPress

May 15th 2025 at 07:22
ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities
WeLiveSecurity

TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks

April 30th 2025 at 09:00
ESET researchers analyzed Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks
WeLiveSecurity

Shifting the sands of RansomHub’s EDRKillShifter

March 26th 2025 at 14:58
ESET researchers discover new ties between affiliates of RansomHub and of rival gangs Medusa, BianLian, and Play
WeLiveSecurity

You will always remember this as the day you finally caught FamousSparrow

March 26th 2025 at 14:45
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor
WeLiveSecurity

Operation FishMedley

March 20th 2025 at 10:00
ESET researchers detail a global espionage operation by FishMonger, the APT group run by I‑SOON
WeLiveSecurity

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

March 18th 2025 at 10:00
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor
WeLiveSecurity

Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani

February 28th 2025 at 10:00
Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media
WeLiveSecurity

Will Windows 10 leave enterprises vulnerable to zero-days?

March 13th 2015 at 11:24
One thing Microsoft has been very public about is Windows 10's new strategy of releasing patches to update the operating system at different times for consumer and enterprise versions.
WeLiveSecurity

CryptoFortress mimics TorrentLocker but is a different ransomware

March 9th 2015 at 17:25
ESET assesses the differences between CryptoFortress and TorrentLocker: two very different strains of ransomware.
WeLiveSecurity

MSIL/Agent.PYO: Have botnet, will travel

January 29th 2015 at 13:50
ESET's researchers recently encountered a piece of malware targeting the filling of the forms belonging to the Consulate of Poland. To understand why, it is first necessary to have a brief look at the application process for visas.
WeLiveSecurity

Windows exploitation in 2014

January 8th 2015 at 13:44
Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
WeLiveSecurity

Virlock: First Self-Reproducing Ransomware is also a Shape Shifter

December 22nd 2014 at 13:55
Win32/VirLock is ransomware that locks victims’ screens but also acts as a parasitic virus, infecting existing files on their computers. The virus is also polymorphic, which makes it an interesting piece of malware to analyze. This is the first time such a combination of malware features has been observed.
WeLiveSecurity

Cybercrime Trends & Predictions for 2015

December 18th 2014 at 13:19
As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.
WeLiveSecurity

TorrentLocker — Ransomware in a country near you

December 16th 2014 at 14:30
Today, we are publishing research on ransomware that emerged in 2014. We have posted blog articles about this threat before, to raise awareness when we realized the criminals were targeting the United Kingdom and Spain.
WeLiveSecurity

First exploitation of Internet Explorer 'Unicorn bug' in-the-wild

November 20th 2014 at 11:28
Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability is significant because it exploits an old bug present in Internet Explorer versions 3 through 11.
WeLiveSecurity

G20 2014 Summit Lure used to target Tibetan activists

November 14th 2014 at 15:29
APT actors trying to use big events as a lure to compromise their targets is nothing new. Tibetan NGOs being targeted by APT actors is also nothing new. Thus, surrounding the upcoming G20 2014 summit that is held in Brisbane, Australia, we were expecting to see G20 themed threats targeted at Tibetan NGOs. A Win32/Farfli (alias Gh0st RAT) sample ultimately confirmed our suspicions.
WeLiveSecurity

Korplug military targeted attacks: Afghanistan & Tajikistan

November 12th 2014 at 15:17
After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one
WeLiveSecurity

The Evolution of Webinject

October 23rd 2014 at 11:33
Last month, we presented “The Evolution of Webinject” in Seattle at the 24th Virus Bulletin conference. This blog post will go over its key findings and provide links to the various material that has been released in the last few weeks.
WeLiveSecurity

CVE-2014-4114: Details on August BlackEnergy PowerPoint Campaigns

October 14th 2014 at 15:29
In this post we provide additional information on how a specially crafted PowerPoint slideshow file (.PPSX) led to the execution of a BlackEnergy dropper.
WeLiveSecurity

Back in BlackEnergy *: 2014 Targeted Attacks in Ukraine and Poland

September 22nd 2014 at 22:19
State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that's evolved into a sophisticated threat with a modular architecture.
WeLiveSecurity

DeceptiveDevelopment targets freelance developers

February 20th 2025 at 10:00
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
WeLiveSecurity

PlushDaemon compromises supply chain of Korean VPN service

January 22nd 2025 at 06:00
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
WeLiveSecurity

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

January 16th 2025 at 10:00
The story of a signed UEFI application allowing a UEFI Secure Boot bypass
WeLiveSecurity

ESET Research Podcast: Telekopye, again

December 20th 2024 at 10:00
Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals' wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths'
WeLiveSecurity

ESET Threat Report H2 2024

December 16th 2024 at 10:00
A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
WeLiveSecurity

Bootkitty: Analyzing the first UEFI bootkit for Linux

November 27th 2024 at 07:00
ESET researchers analyze the first UEFI bootkit designed for Linux systems
WeLiveSecurity

RomCom exploits Firefox and Windows zero days in the wild

November 26th 2024 at 10:00
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit
WeLiveSecurity

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

November 21st 2024 at 10:00
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, and to Project Wood
WeLiveSecurity

ESET Research Podcast: Finding the mythical BlackLotus bootkit

July 12th 2023 at 11:30
Here's a story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat
WeLiveSecurity

Stop Cyberbullying Day: Prevention is everyone's responsibility

June 16th 2023 at 11:30
Strategies for stopping and responding to cyberbullying require a concerted, community-wide effort involving parents, educators and children themselves
WeLiveSecurity

Android GravityRAT goes after WhatsApp backups

June 15th 2023 at 11:30
ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files
WeLiveSecurity

7 tips for spotting a fake mobile app

June 6th 2023 at 11:30
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future
WeLiveSecurity

Shedding light on AceCryptor and its operation

May 25th 2023 at 11:30
ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families
WeLiveSecurity

ESET Research Podcast: Finding the mythical BlackLotus bootkit

By: ESET Research — July 12th 2023 at 09:30

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat

WeLiveSecurity

ESET Threat Report H1 2023

By: Roman Kováč — July 11th 2023 at 09:30

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

WeLiveSecurity

What’s up with Emotet?

By: Jakub Kaloč — July 6th 2023 at 09:30

A brief summary of what happened with Emotet since its comeback in November 2021
