ESET Research discovers Bandidos, a new spying campaign in Venezuela

The latest version of Bandook steals sensitive documents and credentials from corporate networks, creates a malicious Chrome extension, and misuses URL shorteners like Rebrandly and Bitly. ESET Research has recently uncovered a new and still active campaign that uses more advanced versions of the old crimeware Bandook to spy on its victims. The ongoing campaign …

ESET research into Latin American banking trojans continues

Bold Ousaban steals credentials with obscene images as a decoy. ESET Research continues its regular series into demystifying Latin American banking trojans, this time with a deep dive into Ousaban (aka Javali) malware. According to ESET telemetry, Ousaban is active only in Brazil, although some sources claim it is active in Europe as well. The …

ESET Research uncovers Janeleiro, a new banking trojan attacking corporate users in Brazil

ESET Research has uncovered a new banking trojan that has been targeting corporate users in Brazil since at least 2019 across many sectors, including engineering, healthcare, retail, manufacturing, finance, transportation, and governmental institutions. ESET dubbed the new threat Janeleiro. It attempts to deceive its victims with pop-up windows designed to look like the websites of …

Vadokrist: A wolf in sheep’s clothing

ESET researchers published today another installment in their ongoing series of Latin American banking trojans. Since 2018 they have investigated Vadokrist, a trojan that is specifically focused on Brazil. The malware utilizes backdoor functionality and is distributed via malicious spam emails targeting financial institutions. Unlike most other Latin American banking trojans, Vadokrist does not collect …

ESET researchers disrupt cryptomining botnet VictoryGate

ESET researchers have recently discovered a previously undocumented botnet named VictoryGate. It has been active since at least May 2019, and is composed mainly of devices in Peru, where over 90% of the infected devices are located. The main activity of the botnet is mining Monero cryptocurrency. The victims include organizations in both public and …