Old extortion spam email in Irish mailboxes, with a new Coronavirus twist

At ESET Ireland we’ve come across a novel twist on the usual “send money or bad things will happen” extortion spam email, hitting Irish mailboxes. The extortion letter starts in the usual manner, showing a victim’s password, likely gathered from one of the major security breaches over the years, which the victim could recognise as …

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

ESET researchers have discovered a new downloader with a novel installation technique not previously seen in the wild. DePriMon is a malicious downloader with several stages that uses many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. …

Malicious campaign targets South Korean users with backdoor-laced torrents

ESET researchers have discovered a malicious campaign distributing a backdoor via torrents, with Korean TV content used as a lure. Fans of Korean TV should be on the lookout for an ongoing campaign spreading malware via torrent sites, using South Korean movies and TV shows as a guise. The malware allows the attacker to connect …

Buhtrap backdoor and ransomware distributed via major advertising platform

Criminal activities against accountants on the rise – Buhtrap and RTM still active. What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors — Buhtrap and RTM — …

Supply-chain attack on cryptocurrency exchange gate.io

Latest ESET research shows just how far attackers will go in order to steal bitcoin from customers of one specific virtual currency exchange. On November 3, attackers successfully breached StatCounter, a leading web analytics platform. This service is used by many webmasters to gather statistics on their visitors – a service very similar to Google …

Antimalware Day: The evolution of malicious code

Celebrated annually on November 3, Antimalware Day is an opportunity to recognize the work of cybersecurity professionals. Since 2017, November 3 has been celebrated as Antimalware Day. Established by ESET, Antimalware Day aims to honor the work done by researchers in the field of information security and in the technology industry as a whole. As …

Malicious registry keys: Reflective injection

Over the years, we have witnessed how cybercriminals have developed and implemented sophisticated new techniques to outwit users. That being said, one thing has not changed and remains a constant challenge: ensuring perseverance and avoiding detection both by security solutions and the human eye. In recent months, we have started to receive various reports about suspicious and …