A dive into Turla PowerShell usage

ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only. Turla, also known as Snake, is an infamous espionage group recognized for its complex malware. To confound detection, its operators recently started using PowerShell scripts that provide direct, in-memory loading and execution of malware executables and libraries. … More A dive into Turla PowerShell usage

Turla LightNeuron: An email too far

ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments. Due to security improvements in operating systems, rootkit usage has been in constant decline for several years. As such, malware developers – especially those working in espionage groups – have been busy developing new stealthy userland malware. Recently, ESET researchers … More Turla LightNeuron: An email too far

Bug in EA’s Origin client left gamers open to attacks

The gaming company has rolled out a fix for the remote code execution vulnerability, so make sure you run the platform’s latest version. Electronic Arts (EA) has fixed a security flaw in the Windows version of its gaming client Origin that allowed attackers to remotely execute code on an affected computer. The vulnerability was discovered by … More Bug in EA’s Origin client left gamers open to attacks

DanaBot shifts its targeting to Europe, adds new features

ESET researchers have discovered new DanaBot campaigns targeting a number of European countries. Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently expanded further, with campaigns popping up in Italy, Germany, Austria, and … More DanaBot shifts its targeting to Europe, adds new features