Skip to main content

Tag: eset

14 articles

Internal computer components, including a motherboard and UEFI firmware chip, in a bright laboratory setting.

Vulnerabilities in UEFI Shims Expose Secure Boot Bypass Risk

Thousands of systems may be at risk of a Secure Boot bypass due to vulnerabilities in 11 UEFI shim bootloaders, all signed by Microsoft, that allow attackers to circumvent security measures. These weaknesses have the potential to create a broad attack surface, putting many devices at risk of compromise.

Analyst 207
Motherboard components and UEFI firmware chip in a well-lit lab setting.

Microsoft-Signed Linux UEFI Shims Expose Secure Boot Bypass Risk

A newly discovered vulnerability in 11 Microsoft-signed Linux UEFI shims could allow hackers to bypass Secure Boot and deploy malicious code during system startup, putting your device at risk of infection with UEFI bootkits or other malware. This security flaw enables attackers to execute untrusted code during boot, making it a critical threat to your system's security.

Analyst 207
Cluttered software development workspace with laptop, monitor, and papers.

Malicious AI Agents Infiltrate Open Source Repositories

A recent ESET study uncovered a staggering number of malicious AI agents hiding in plain sight within open-source repositories, with tens of thousands of suspicious instances and thousands more flagged as outright malicious. This alarming trend suggests a rapidly escalating threat landscape, with cyber attackers leveraging AI to plan, execute, and scale their attacks.

Analyst 207
Ukrainian government building interior with a computer workstation and hints of cyberattack disruption.

Gamaredon Intensifies Ukraine Cyberattacks with Novel Malware Tools

Gamaredon ramped up its cyberattack efforts in Ukraine last year, unleashing 35 targeted spear-phishing campaigns that zeroed in on government and military targets. The group's goal was to siphon off sensitive information to fuel Russian interests in the ongoing conflict.

Analyst 207
Cluttered office desk with a Windows laptop, papers, and supplies, near a window with a blurred network router in the…

China-Linked SprySOCKS Backdoor Targets Windows with Driver-Based Stealth

ESET has uncovered a Windows variant of the SprySOCKS backdoor, previously thought to only affect Linux, marking a significant expansion of its capabilities. This new variant, version 1.8, uses driver-based stealth and can communicate through TCP, UDP, and WebSocket channels.

Analyst 207
Smartphone on cluttered desk in Middle Eastern-style room with Arabic patterns, beside newspapers and manual.

ESET Exposes Android Spyware Asin Targeting Arabic Users

Malicious apps masquerading as legitimate tools have been targeting Arabic-speaking Android users, packing stealthy spyware capabilities that allow them to siphon off sensitive information. These fake apps, part of a spyware cluster called Asin, are being spread through fraudulent websites and social accounts.

Analyst 207
Workers inspect a shipping container at a busy Gulf port with cargo ships and cranes in the background.

Chinese Hackers Exploit Middle East War to Target Energy, Maritime Firms

Chinese-aligned hackers are intensifying their attacks on maritime and energy companies in the Gulf region, exploiting the Middle East conflict to expand their espionage operations and gain a strategic advantage for Beijing. This alarming surge in cyber threats has been flagged by cybersecurity researchers at ESET.

Analyst 207
Discarded Android smartphones and tech components litter a dimly lit urban alleyway.

ESET Exposes BTMOB Android Malware Service

Meet BTMOB, a sneaky Android malware that's being sold as a subscription service - think $700/month or a one-time $5,000 fee for a lifetime license - making it easy for anyone to become a cyber threat actor. This malware-as-a-service platform even comes with a user-friendly APK builder, requiring zero coding skills.

Analyst 207
Government building facade with people walking in distance, laptop screen in foreground showing blurred code.

Webworm APT Expands European Reach with Evolved Tactics

Meet Webworm, a China-aligned APT group that's now setting its sights on European governments and beyond, with a semi-opportunistic approach that's taken its targets to Belgium, Italy, Poland, Serbia, Spain, and even South Africa. This threat actor's evolved tactics signal a concerning expansion of its reach.

Analyst 207
Smartphone with blurred Google Play Store page on screen, surrounded by receipts on a neutral surface in a bright, everyday…

Fraudulent Call History Apps Drain Millions via 7.3M Play Store Downloads

Millions of Android users have been duped into downloading 28 fake call history apps from the Google Play Store, with over 7.3 million downloads recorded before they were finally removed. These apps, which promised access to call logs and more, actually delivered nothing but randomly generated data - and a hefty price tag.

Analyst 207
Brightly lit computer workstation with generic gaming peripherals and cables against a neutral background.

ScarCruft Expands Malware Arsenal with Multi-Platform BirdCall Backdoor

ScarCruft hackers have launched a sneaky attack on a popular video game platform, infecting both Windows and Android users with a new backdoor called BirdCall. The multi-platform threat has been targeting ethnic Koreans in China since late 2024, allowing hackers to gain unauthorized access.

Analyst 207
Smartphone on a cluttered gaming desk with blurred Android game interface.

North Korean Hackers Infiltrate Android Games to Spy on Defectors

Security researchers at Eset stumbled upon a sneaky plot by North Korean hackers, who infiltrated popular Android games to spy on defectors by hiding a backdoor called BirdCall in the apps. The malicious code was cleverly disguised in game files available for download on a regional gaming platform's official website.

Analyst 207
Government agency office interior with subtle computer equipment hints.

Eset Exposes Chinese Hackers' Careless Backdoor Tactics

Chinese hackers have been caught off guard by their own carelessness, leaving behind a digital trail that exposed their previously undetected backdoor tactics. Researchers uncovered over 9,000 messages revealing the attackers' testing systems and habits, leading to the identification of a Chinese nation-state actor dubbed GopherWhisper.

Analyst 207
Government office interior with computers and a large window, featuring a subtle network diagram in the background.

China-Linked GopherWhisper Targets Mongolian Government Systems with Go Backdoors

A China-linked cyber group, dubbed GopherWhisper, has been targeting Mongolian government systems with a suite of Go-based backdoors, infecting at least 12 systems and potentially dozens more. The attackers used clever tactics, routing command-and-control traffic through compromised Discord and Slack servers.

Analyst 207