ESET Security

Bootkitty: Analyzing the First UEFI Bootkit for Linux

Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks.

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine

WolfsBane is a Linux version of Gelsevirine, a Windows backdoor used by the Gelsemium APT group, and the WolfsBane dropper is analogous to the Gelsemine dropper.

RedLine Stealer Provided Malware-as-a-Service Through Sophisticated Backend Infrastructure

ESET's analysis of RedLine Stealer revealed how the malware has evolved into a Malware-as-a-Service (MaaS) operation. The RedLine panel allows affiliates to manage cybertheft campaigns targeting credentials and financial data with ease.

Evasive Panda Using New CloudScout Toolset to Steal Data From Google Drive, Gmail, and Outlook

A toolset called CloudScout developed by the APT group Evasive Panda is targeting Taiwanese institutions to extract cloud-based data. The attacks, discovered by ESET, exploit session cookies stolen by MgBot plugins to access cloud services.

Telekopye Transitions to Targeting Tourists via Hotel Booking Scam

ESET researchers revealed that the Telekopye scam toolkit, previously known for targeting online marketplace users, has now turned its focus towards exploiting tourists via accommodation booking platforms like Booking.com and Airbnb.

Mind the (air) gap: GoldenJackal gooses government guardrails

The GoldenJackal threat actor has been targeting embassies and government organizations with a focus on infiltrating air-gapped systems. The group has been active since at least 2019.
September 11, 2024

CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs

CosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.

NGate Android Malware Relays NFC Traffic to Steal Credit Card Data

This malware allows attackers to emulate victims' cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.

Beware of Fake AI Tools Masking a Very Real Malware Threat

Attackers disguise malicious tools as legitimate GenAI apps through phishing sites, web browser extensions, fake apps on mobile stores, and malicious ads on social media.

Cybercriminals Target Polish Businesses with Agent Tesla and Formbook Malware Delivered by ModiLoader

Cybercriminals targeted Polish businesses with Agent Tesla and Formbook malware through widespread phishing campaigns in May 2024. Small and medium-sized businesses (SMBs) in Poland, Italy, and Romania have been affected.
