BlackLotus UEFI Bootkit Bypasses Protection even in Windows 11

ESET researchers reported that the BlackLotus UEFI bootkit, sold on hacker forums for about $5,000, is indeed capable of bypassing UEFI Secure Boot. According to the researchers, the malware is a threat even to fully updated machines running Windows 11 with Secure Boot enabled. Let me remind you that we also wrote…

FatalRAT Malware Masks As Popular Apps in Google Ads

ESET researchers have discovered the FatalRAT malware, which targets Chinese-speaking users: it is distributed through fake websites impersonating popular applications and promoted through Google Ads. Let me remind you that we also wrote about Attackers Can Use GitHub Codespaces to Host and Deliver Malware, and you may also be interested in our article: Dangerous…

MSIL/Microsoft.Bing.A Detection (BingWallpaper.exe)

ESET started detecting the BingWallpaperApp.exe as a potentially unwanted program

Many users on various forums complain about the MSIL/Microsoft.Bing.A detection in ESET antivirus. The detection points to the BingWallpaper.exe file, a legitimate file issued by Microsoft. So how can a fully legitimate component end up flagged as potentially unwanted? Let's have a look at that story. What is…
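Before excluding a flagged binary from scanning, a practitioner wants to confirm that the file really is the vendor's own and not a look-alike dropped under a familiar name. The PowerShell below is an added example, not code from the original post or from ESET or Microsoft; it only uses the built-in Get-AuthenticodeSignature and Get-FileHash cmdlets, and the file path you pass in is an assumption on your side (point it at the file ESET flagged on the affected machine).

```powershell
# Added example: inspect the Authenticode signature and SHA-256 of a flagged file.
# A "Valid" status with a Microsoft signer shows the file is genuinely Microsoft's;
# it says nothing about whether the PUP classification of its behaviour is justified.
function Test-MicrosoftSigned {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # assumption: full path to the flagged executable
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    [pscustomobject]@{
        Path       = $Path
        SHA256     = $hash
        Status     = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $signer
        # Only a valid chain AND a Microsoft Corporation subject count as "Microsoft-signed".
        IsMSSigned = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
    }
}

# Usage (replace the placeholder with the path reported in the ESET alert):
# Test-MicrosoftSigned -Path '<path to BingWallpaperApp.exe>' | Format-List
```

A HashMismatch or NotTrusted status means the file on disk is not what Microsoft signed and deserves a real look rather than an exclusion; the SHA-256 in the output is what you would submit to ESET when reporting a false positive.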

CloudMensis Malware Attacks MacOS Users

ESET researchers have discovered the CloudMensis malware, which is used to backdoor devices running macOS and then steal information. The malware got its name because it uses the pCloud, Dropbox and Yandex.Disk cloud storage services as its command-and-control servers. Let me remind you that we also wrote that Vulnerability in macOS Leads…

Stabbed in the back: Chinese Mustang Panda Cyberspies Attack Russian Officials

Secureworks researchers have discovered a phishing campaign by the Chinese Mustang Panda cyberspies targeting Russian officials and the military. According to the experts, the Chinese state-sponsored Mustang Panda group (aka HoneyMyte, Bronze President, RedDelta and TA416) is behind the attacks. Let me remind you that we wrote that Hacker groups split up: some of them…

Experts discovered ESPecter UEFI bootkit used for espionage

ESET researchers discovered the previously unknown ESPecter UEFI bootkit, which was used for targeted attacks and espionage. So far, the experts do not attribute ESPecter to any specific hacking group or country. UEFI attacks are the holy grail for attackers. After all, UEFI is loaded before the operating system and controls all processes at an "early…

Hackers infected the Android emulator NoxPlayer with malware

UPDATE: BigNox contacted us and said that they "contacted cybersecurity firm ESET to determine the root cause of the issue," and at this point "fixed all issues." ESET has released an update to its article stating that hackers infected the Android NoxPlayer emulator with malware, and we are also adding the following information: "BigNox stated…

New worm for Android spreads rapidly via WhatsApp

ESET security researcher Lukas Stefanko reported a new piece of malware: a worm for Android that spreads automatically through WhatsApp messages. The main purpose of the malware is to lure users into adware or subscription scams. The link to a fake Huawei Mobile app redirects users to a site that closely resembles the…

KryptoCibule malware steals cryptocurrency from Windows users

ESET specialists discovered the KryptoCibule malware, which has been active since 2018 and steals cryptocurrency from Windows users in the Czech Republic and Slovakia (these two countries account for 85% of infections). KryptoCibule has three main functions: installing cryptocurrency miners on victims' systems (CPU and GPU miners are used to mine Monero…

Ramsay malware attacks PCs isolated from the outside world

ESET analysts discovered the infrastructure of a previously unknown malware, Ramsay, with some very interesting features. Ramsay attacks and collects data from PCs that are isolated from the outside world (air-gapped systems). Having penetrated such a system, the malware collects Word files and other confidential documents, hides them in a special concealed container and waits for…