ESET

GentleKiller targets more than 400 security processes across 48 products

2026-06-18 at 12:00 By Anamarija Pogorelec

Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR) […]

Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns

2026-05-28 at 12:42 By Sinisa Markovic

Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their

Webworm APT targets European government organizations with new backdoors

2026-05-20 at 17:48 By Anamarija Pogorelec

ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations

CallPhantom Android scam reached 7.3 million downloads on Google Play

2026-05-07 at 12:00 By Anamarija Pogorelec

Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

2026-05-05 at 13:21 By Sinisa Markovic

A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

GopherWhisper APT group hides command and control traffic in Slack and Discord

2026-04-23 at 12:17 By Anamarija Pogorelec

Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook

NGate NFC malware targets Android users through trojanized payment app

2026-04-21 at 12:00 By Mirko Zorz

NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the NGate malware family, this time embedded in a trojanized version of HandyPay, a

EDR killers are now standard equipment in ransomware attacks

2026-03-19 at 12:02 By Anamarija Pogorelec

Ransomware attackers routinely deploy tools designed to disable endpoint detection and response software before launching encryptors. These tools, known as EDR killers, have become a standard component of ransomware intrusions. ESET Research tracked nearly 90 EDR killers actively used in

This spy tool has been quietly stealing data for years

2026-03-10 at 13:00 By Help Net Security

ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance

A fake romance turns into an Android spyware infection

2026-01-29 at 02:20 By Anamarija Pogorelec

ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the

Poland repels data-wiping malware attack on energy systems

2026-01-26 at 14:37 By Zeljka Zorz

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and

Group Policy abuse reveals China-aligned espionage group targeting governments

2025-12-18 at 13:42 By Anamarija Pogorelec

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with

MuddyWater cyber campaign adds new backdoors in latest wave of attacks

2025-12-02 at 15:15 By Sinisa Markovic

ESET researchers say an Iran-aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long-running cyberespionage group, and new findings point to a campaign

Threat group reroutes software updates through hacked network gear

2025-11-19 at 12:02 By Sinisa Markovic

Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China-aligned threat group known as PlushDaemon has been quietly using hacked routers to steer software updates toward its own servers. The discovery shows

Russia-linked hackers intensify attacks as global APT activity shifts

2025-11-06 at 14:50 By Anamarija Pogorelec

State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran,

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

2025-10-23 at 09:23 By Sinisa Markovic

ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and

ProSpy and ToSpy: New spyware families impersonating secure messaging apps

2025-10-02 at 12:04 By Anamarija Pogorelec

ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through fake websites and social engineering. Researchers identified two previously unknown spyware families.

North Korean IT workers use fake profiles to steal crypto

2025-09-25 at 12:04 By Sinisa Markovic

ESET Research has published new findings on DeceptiveDevelopment, also called Contagious Interview. This North Korea-aligned group has become more active in recent years and focuses on stealing cryptocurrency. It targets freelance developers working on Windows, Linux, and macOS systems.

Researchers believe Gamaredon and Turla threat groups are collaborating

2025-09-19 at 08:31 By Help Net Security

ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia’s primary intelligence agency, the FSB, and were found working in tandem to target high-profile organizations in Ukraine. In these

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

2025-09-12 at 19:00 By Help Net Security

ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from
