Russia hit by new wave of ransomware spam

January 2019 has seen a dramatic uptick in detections of malicious JavaScript email attachments, an attack vector that mostly lay dormant throughout 2018.  Among the “New Year edition” of malicious spam campaigns relying on this vector, we have detected a new wave of Russian-language spam that distributes ransomware known as Shade or Troldesh, and detected … More Russia hit by new wave of ransomware spam

Supply-chain attack on cryptocurrency exchange gate.io

Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange. On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google … More Supply-chain attack on cryptocurrency exchange gate.io

Attackers crack Newegg’s defenses, grab customers’ credit card data

The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month. The major electronics and computer hardware retailer Newegg has announced that attackers have compromised its online payments system, potentially scooping up buyers’ credit-card data over a period of more than a month. “Yesterday we … More Attackers crack Newegg’s defenses, grab customers’ credit card data

Cryptocurrency web mining: In union there is profit

In the last months, we stumbled upon some JavaScript files apparently used to mine cryptocurrencies directly within the browser. For a long time now, cybercriminals have taken advantage of cryptocurrency mining in order to make a profit. However, they generally use malware or potentially unwanted applications they install on the victim’s machine in order to … More Cryptocurrency web mining: In union there is profit

Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

Some of the tactics used in APT attacks die hard. A good example is provided by Turla’s watering hole campaigns. This group, which has been targeting governments, government officials and diplomats for years, is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. In fact, they have been using them … More Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

Malicious registry keys: Reflective injection

Over the years, we have witnessed how cybercriminals have developed and implemented sophisticated new techniques to outwit users. That being said, one thing has not changed and remains a constant challenge: ensuring perseverance and avoiding detection both by security solutions and the human eye. In recent months, we have started to receive various reports about suspicious and … More Malicious registry keys: Reflective injection

Gmail starts blocking JavaScript attachments: Alternative infector vectors to be expected?

As of February 13th, 2017, Gmail has started deploying their new restrictive policy on .js file attachments, extending their list of file types blocked for security reasons. After the full release, Gmail users won’t be able to send or receive mail containing .js attachments, even if they’re in a compressed and archived form. Seeing that … More Gmail starts blocking JavaScript attachments: Alternative infector vectors to be expected?