CloudMensis Malware Attacks macOS Users

ESET experts have discovered the CloudMensis malware, which is used to create backdoors on devices running macOS and subsequently steal information. The malware received its name because it uses the pCloud, Dropbox and Yandex.Disk cloud storage services as control servers. Let me remind you that we also wrote that Vulnerability in macOS Leads…

Stabbed in the back: Chinese Mustang Panda Cyberspies Attack Russian Officials

Secureworks researchers have discovered a phishing campaign by Chinese Mustang Panda cyberspies targeting Russian officials and the military. According to experts, Chinese “government” hackers from the Mustang Panda group (aka HoneyMyte, Bronze President, RedDelta and TA416) are behind the attacks. Let me remind you that we wrote that Hacker groups split up: some of them…

Experts discovered ESPecter UEFI bootkit used for espionage

ESET experts discovered the previously unknown ESPecter UEFI bootkit, which was used for targeted attacks and espionage. So far, experts do not associate ESPecter with any specific hacking groups or countries. UEFI attacks are the holy grail for hackers. After all, UEFI is loaded before the operating system and controls all processes at an “early…

Hackers infected the Android emulator NoxPlayer with malware

UPDATE: BigNox contacted us and said that they “contacted cybersecurity firm ESET to determine the root cause of the issue,” and at this point “fixed all issues.” ESET has released an update to the article stating that hackers have infected the Android NoxPlayer emulator with malware, and we are also adding the following information: “BigNox stated…

New worm for Android spreads rapidly via WhatsApp

ESET security researcher Lukas Stefanko reported a new malware: he said that a new worm for Android automatically spreads through WhatsApp messages. The main purpose of the malware is to lure users into adware or subscription scams. The link to the fake Huawei Mobile app redirects users to a site that is very similar to the…

KryptoCibule malware steals cryptocurrency from Windows users

ESET specialists discovered the KryptoCibule malware, which has been active since 2018 and steals cryptocurrency from Windows users in the Czech Republic and Slovakia (these countries accounted for 85% of infections). KryptoCibule has three main functions and is capable of: installing cryptocurrency miners on victims’ systems (CPU and GPU miners are used to mine Monero…

Ramsay malware attacks PCs that are isolated from the outside world

ESET analysts discovered the infrastructure of the previously unknown Ramsay malware, which has some very interesting features. Ramsay attacks and collects data from PCs that are isolated from the outside world. Having penetrated such a system, the malware collects Word files and other confidential documents, hides them in a special concealed container and waits for…

Grandoreiro Banker Spreads Through Fake Coronavirus Videos

ESET analysts warned about a surge in the activity of the banking Trojan Grandoreiro amid the COVID-19 pandemic. The banker is distributed through fake coronavirus videos. Experts report that Grandoreiro, previously written in Delphi, was distributed mainly through spam, through fake messages about the need to update Java or Flash. “We have seen Grandoreiro being distributed solely…

Kr00k Wi-Fi chip vulnerability affects over a billion devices

At the RSA 2020 conference, ESET specialists spoke about the new Kr00k vulnerability (CVE-2019-15126), which can be used to intercept and decrypt Wi-Fi traffic (WPA2). Researchers believe that the Kr00k vulnerability in Wi-Fi chips affects more than a billion devices. This problem affects any device that uses Wi-Fi chips from Cypress Semiconductor and Broadcom, from laptops…

Winnti hacking group attacked Hong Kong universities

ESET experts found that during protests that began back in March 2019, Winnti attacked two unnamed Hong Kong universities. The attacks were detected in November 2019 and began with the discovery of the ShadowPad launcher, which was found on several devices at two universities (shortly after the previous Winnti campaign detected in October of that…