First BlueKeep attacks prompt fresh warnings

The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store. Ever since it was discovered six months ago, the BlueKeep vulnerability has had (not only) the cybersecurity community concerned about impending WannaCryptor-style attacks. Earlier in November, Microsoft together with security researchers Kevin Beaumont and Marcus Hutchins shed light on … More First BlueKeep attacks prompt fresh warnings

Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers. Utilizing a trojanized version of an official Tor Browser package, the cybercriminals behind this campaign have been very successful – so far their pastebin.com accounts have had more than 500,000 views and they were able to steal US$40,000+ … More Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

Connecting the dots: Exposing the arsenal and methods of the Winnti Group

New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks. Today, ESET Research releases a white paper updating our understanding of the Winnti Group. Last March, ESET researchers warned about a new supply-chain attack targeting video game developers in Asia. Following that publication, we continued … More Connecting the dots: Exposing the arsenal and methods of the Winnti Group

Casbaneiro: Dangerous cooking with a secret ingredient

Número dois in our series demystifying Latin American banking trojans. Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal while analyzing malware. This unique experience is provided by a malware family we discuss in … More Casbaneiro: Dangerous cooking with a secret ingredient

LoudMiner: Cross-platform mining in cracked VST software

The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS. Introduction LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency … More LoudMiner: Cross-platform mining in cracked VST software

Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions. When Google restricted the use of SMS and Call Log permissions in Android apps in March 2019, one of the positive effects was that credential-stealing apps lost the option to abuse these permissions for bypassing SMS-based two-factor authentication (2FA) mechanisms. … More Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET discovers new fake cryptocurrency apps on Google Play able to phish and scam users out of cryptocurrency

ESET researchers have just concluded their analysis of fake cryptocurrency wallets that emerged on Google Play at the time of bitcoin’s renewed spike in value. This month has seen bitcoin growing, with its price climbing to its highest point since September 2018. Not surprisingly, cybercriminals were quick to notice this development and started upping their … More ESET discovers new fake cryptocurrency apps on Google Play able to phish and scam users out of cryptocurrency