Aerospace and military companies in the crosshairs of cyberspies

ESET researchers uncover targeted attacks against high-profile aerospace and military companies. At the end of last year, we discovered targeted attacks against aerospace and military companies in Europe and the Middle East, active from September to December 2019. A collaborative investigation with two of the affected European companies allowed us to gain insight into the … More Aerospace and military companies in the crosshairs of cyberspies

ESET researchers detect a new trick used by malware to slip into the official Android app store

ESET researchers discovered an extremely stealthy – yet surprisingly simple – technique that allowed Android malware to stay under the radar. Analyzing the DEFENSOR ID app that was – at the time – available on the official Android app store, ESET researchers learned the app misused Accessibility Services but required no other suspicious permission nor … More ESET researchers detect a new trick used by malware to slip into the official Android app store

Old extortion spam email in Irish mailboxes, with a new Coronavirus twist

At ESET Ireland we’ve come across a novel twist on the usual “send money or bad things will happen” extortion spam email, hitting Irish mailboxes. The extortion letter starts in the usual manner, showing a victim’s password, likely gathered from one of the major security breaches over the years, which the victim could recognise as … More Old extortion spam email in Irish mailboxes, with a new Coronavirus twist

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique. DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. … More Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

Malicious campaign targets South Korean users with backdoor-laced torrents

ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect … More Malicious campaign targets South Korean users with backdoor-laced torrents