New Android trojan mimics user clicks to download dangerous malware

Android users have been exposed to a new malicious app imitating Adobe Flash Player that serves as a potential entrance for many types of dangerous malware. The application, detected by ESET security software as Android/TrojanDownloader.Agent.JI, tricks its victims into granting it special permissions in the Android accessibility menu and uses these to download and execute …

Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities. Since at least the beginning of October, users might have encountered ads promoting applications calling themselves “Browser Defence” and “Broxu” using banners similar to the ones below: These advertisement …

Tesco Bank not alone in being targeted by Retefe malware

For clarification, this article is focused on providing information on the increased activity of the Retefe banking trojan, which has been targeting various banks, mostly in Switzerland, Austria, and the UK. While this is happening at the same time as news breaking that Tesco Bank suffered a major cyberattack, there is no concrete evidence that …

TorrentLocker: Crypto-ransomware still active, using same tactics

In December 2014, ESET released a white paper about TorrentLocker, a crypto-ransomware family spreading via spam email messages that impersonated local postal service, energy or telecom companies. The paper described its distribution scheme, its core functionalities and its network protocol, and exposed some similarities with the Hesperbot banking trojan. During the last few months, we decided to …

First Twitter-controlled Android botnet discovered

Android/Twitoor is a backdoor capable of downloading other malware onto an infected device. It has been active for around one month. This malicious app can’t be found on any official Android app store – it probably spreads by SMS or via malicious URLs. It impersonates a porn player app or MMS application but without having …

Nemucod serves nasty package: Combining ransomware and ad-clickers

Nemucod, previously one of the worst infecting malware types in Ireland, is causing mayhem again. Just last week ESET reported on Nemucod shifting away from ransomware and downloading the ad-clicking malware Kovter instead. Now, it seems that the operators of the notorious downloader went a step further and are serving their victims the whole package …

Nemucod now spreading banking trojans

ESET researchers noticed a huge outbreak of a new Spy.Banker variant, detected as Spy.Banker.ADEA. Nemucod has previously been one of the most detected malware families in Ireland. On the morning of Friday, August 12th, at around 12pm CET, this new variant was spotted in Brazil. Similar to previous ones used by other banking trojans in South America, …