Malicious code is nothing to worry about on Linux, right? Hold your penguins. How Linux malware has gone from the sidelines to the headlines. Gone are the days when the idea of viruses or other malware hitting Linux was almost universally greeted with quizzical glances, if not outright rejection. Long thought of as the perfect … More Linux and malware: Should you worry?
Número dois in our series demystifying Latin American banking trojans. Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal while analyzing malware. This unique experience is provided by a malware family we discuss in … More Casbaneiro: Dangerous cooking with a secret ingredient
ESET researchers describe the latest components used in a recent Sednit campaign. While summer is usually synonymous with vacations, it seems that the Sednit group has been developing new components to add to the Zebrocy malware family. The Sednit group – also known as APT28, Fancy Bear, Sofacy or STRONTIUM – has been operating since … More No summer vacations for Zebrocy
ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers. We’ve discovered an ongoing campaign in the Balkans spreading two tools having a similar purpose: a backdoor and a remote access trojan we named, respectively, BalkanDoor and BalkanRAT. BalkanRAT enables the attacker … More In the Balkans, businesses are under fire from a double‑barreled cyberweapon
ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect … More Malicious campaign targets South Korean users with backdoor-laced torrents
Criminal activities against accountants on the rise – Buhtrap and RTM still active. What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors — Buhtrap and RTM — … More Buhtrap backdoor and ransomware distributed via major advertising platform
As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018. If you never got the chance to read this year’s investigations by ESET researchers into some of the most dangerous hacker shenanigans in recent years, or if you … More 2018: Research highlights from ESET’s leading lights