Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique. DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. … More Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

Malicious campaign targets South Korean users with backdoor-laced torrents

ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect … More Malicious campaign targets South Korean users with backdoor-laced torrents

Buhtrap backdoor and ransomware distributed via major advertising platform

Criminal activities against accountants on the rise – Buhtrap and RTM still active. What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors — Buhtrap and RTM — … More Buhtrap backdoor and ransomware distributed via major advertising platform

Supply-chain attack on cryptocurrency exchange gate.io

Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange. On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google … More Supply-chain attack on cryptocurrency exchange gate.io

Antimalware Day: The evolution of malicious code

Celebrated annually on November 3, Antimalware Day is an opportunity to recognize the work of cybersecurity professionals. Since 2017, November 3 has been celebrated as Antimalware Day. Established by ESET, Antimalware Day aims to honor the work done by researchers in the field of information security and in the technology industry as a whole. As … More Antimalware Day: The evolution of malicious code

Malicious registry keys: Reflective injection

Over the years, we have witnessed how cybercriminals have developed and implemented sophisticated new techniques to outwit users. That being said, one thing has not changed and remains a constant challenge: ensuring perseverance and avoiding detection both by security solutions and the human eye. In recent months, we have started to receive various reports about suspicious and … More Malicious registry keys: Reflective injection

Malicious scripts in compromised websites and how to protect yourself

When talking about the attacks and threats users must face every day, people often highlight those that are more or less predictable, such as malicious archives sent as email attachments. Even though these threats are still very present (e.g. in the different ransomware variants), cybercriminals also use many other attack vectors. Some of the most dangerous … More Malicious scripts in compromised websites and how to protect yourself