Fleecing the onion: Darknet shoppers swindled out of bitcoins via trojanized Tor Browser

ESET researchers discover a trojanized Tor Browser distributed by cybercriminals to steal bitcoins from darknet market buyers. Utilizing a trojanized version of an official Tor Browser package, the cybercriminals behind this campaign have been very successful – so far their pastebin.com accounts have had more than 500,000 views and they were able to steal US$40,000+ …

Casbaneiro: Dangerous cooking with a secret ingredient

Número dois in our series demystifying Latin American banking trojans. Most reverse engineers would agree that quite often one can learn something new on the job. However, it is not every day you learn how to cook a delicious meal while analyzing malware. This unique experience is provided by a malware family we discuss in …

In the Balkans, businesses are under fire from a double‑barreled cyberweapon

ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers. We’ve discovered an ongoing campaign in the Balkans spreading two tools with a similar purpose: a backdoor and a remote access trojan we named, respectively, BalkanDoor and BalkanRAT. BalkanRAT enables the attacker …

Banking Malware: Countering the threats with certified (browser) protection

These days, there isn’t much that can’t be done on mobile, and that includes banking. Banking apps are quickly becoming the go-to method of managing finances, and as a result, mobile banking malware targeting Android phones has become a serious and somewhat underestimated threat. For malware creators motivated by financial gain, banking apps provide …

LoudMiner: Cross-platform mining in cracked VST software

The story of a Linux miner bundled with pirated copies of VST (Virtual Studio Technology) software for Windows and macOS. LoudMiner is an unusual case of a persistent cryptocurrency miner, distributed for macOS and Windows since August 2018. It uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency …

Navigating the murky waters of Android banking malware

An interview with ESET malware researcher Lukáš Štefanko about Android banking malware, the topic of his latest white paper. Banking malware continued to plague the Android platform throughout 2018, with cybercrooks relentlessly targeting users with banking Trojans and fake banking apps, but also experimenting with new money-stealing techniques. To help users navigate the tricky and expanding landscape of Android …