Cisco Talos recently published an analysis of an EDR killer used by the #Qilin #ransomware gang. #ESETresearch tracks this threat as #CardSpaceKiller and we recently provided additional insights in our blog www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch's Eric Howard will be presenting at Botconf. Join him in Reims, France to hear about “GopherWhisper, Uncovering an APT’s secrets through its own words” on Apr 15 at 17.15 CEST. For more information, check out www.botconf.eu/botconf-2026... 1/3

#ESETresearch has identified an Akira lookalike ransomware campaign targeting South America. The threat actor is using a Babukbased encryptor that appends the .akira extension and drops a ransom note that mimics Akira both in Tor URLs and the overall content. 1/5

#ESETresearch has identified a Silver Fox campaign that actively takes advantage of the current annual tax filing and organizational change season in Japan, a period when companies generate a high volume of legitimate financial and HRrelated comms. www.welivesecurity.com/en/business-... 1/8

#ESETresearch detected a recent intrusion at a University of Warsaw consistent with #Interlock ransomware gang. Thanks to early warning from our experts and the university's swift cooperation, the attack was disrupted before encryptors could be deployed. www.eset.com/pl/about/new... 1/8

In cybersecurity, labels can distract from what really matters. At #RSAC2026, #ESETresearch’s Robert Lipovský will break down recent campaigns linked to state-sponsored actors and explore how hybrid threat tactics are evolving. The session focuses on practical defender takeaways.

#ESETresearch is hiring! Passionate about geopolitics, cyberespionage and cyber threat intelligence? We have a new opening for a strategic threat intelligence analyst at our Montréal office. Come join the team! eset.wd3.myworkdayjobs.com/ESET_Externa...

#ESETresearch analyzed more than 80 EDR killers, seen across real-world intrusions, and used ESET telemetry to document how these tools operate, who uses them, and how they evolve beyond simple driver abuse. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has analyzed the resurgence of Sednit – one of the most long‑running Russia‑aligned APT groups – now using a modern toolkit built around paired implants, BeardShell and Covenant, each using a different cloud provider for resilience. www.welivesecurity.com/en/eset-rese... 1/5

#BREAKING #ESETresearch has discovered the first known Android malware to use generative AI in its execution flow; we have named it #PromptSpy. The malware abuses Google’s #Gemini to achieve persistence on the compromised device. www.welivesecurity.com/en/eset-rese... 1/6

#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5

#ESETresearch has uncovered a new #Android spyware campaign using novel romance scam tactics to target individuals in 🇵🇰 Pakistan, with an added social engineering element previously unseen in similar schemes. www.welivesecurity.com/en/eset-rese... 1/9

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

#ESETresearch’s Lukas Stefanko will speak at Ransomware Resilience 2026 on Mon, Jan 19 in Kuala Lumpur at 4pm local time! Discover how Android NFC threats evolved to enable unauthorized ATM withdrawals. Learn about NGate - first Android malware to execute NFC relay attack for remote ATM cash-outs.

According to ESET telemetry, threat actors keep finding new ways to exploit #NFC technology: detections surged by 78% compared to H1 2025; however, overall numbers remain low. 1/6

In 2025, #ESETresearch saw a 62% year-over-year increase in detections of fake investment and snake oil scams – tracked as HTML/Nomani – amounting to hundreds of thousands of detections and over 64,000 unique URLs blocked. 1/5

In H2 2025, #ESETresearch saw a thirtyfold increase in #CloudEyE detections, amounting to more than 100,000 hits over the course of six months. CloudEyE is a #MaaS downloader and cryptor used to conceal and deploy other malware, such as #Rescoms, #Formbook, and #Agent Tesla. 1/5

In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5

#ESETresearch has revisited CVE 2025 50165, a critical remote code execution vulnerability in the WindowsCodecs.dll library when processing JPG images, one of the most widely used image format s. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has detected a new MSIL loader, named #BlackHawk, protected by three layers of obfuscation, all of which show strong signs of being AI-generated. 1/9

#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7

ESET Threat Report H2 2025: NFC threats grow in scale and sophistication, ransomware victim numbers surge, and AI-powered malware becomes reality with PromptLock. The threat landscape is evolving fast – read the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4

#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT. ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan”. 1/3

#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8

#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8

#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5

We are deeply saddened by the passing of David Harley, a brilliant cybersecurity expert, former ESET Senior Research Fellow, author and long-time Virus Bulletin contributor. David's legacy spans decades of research, writing, and public speaking. Rest in peace, David. You will be missed. 💙

#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users. It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4

#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): China-aligned groups targeted Latin America amid US-China tensions. Russia-aligned groups intensified ops against Ukraine & EU states. Full report: web-assets.esetstatic.com/wls/en/paper...

#ESETresearch discovered a new wave of the well-known North Korea-aligned Lazarus campaign Operation DreamJob, now targeting the drone industry. welivesecurity.com/en/eset-rese... 1/9

Join @Invest_Ottawa & the Embassy of the Slovak Republic in Canada for a Cybersecurity Roundtable with Chief #ESETresearch Officer Roman Kováč: Oct 20, 2025, 3–4:30 PM, 7 Bayview Station Rd, Ottawa. RSVP by Oct 15: bit.ly/46X9eV9 1/3

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6

#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews. www.welivesecurity.com/en/eset-rese... 1/6

Two exciting panels featuring #ESETresearch’s Righard Zwienenberg at #VB2025 in Berlin @virusbtn - from stories of the past to debates about the future of vulnerability handling. Here's what to expect 👇1/3

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese... 1/3

#ESETresearch’s Robert Lipovský will present at Labscon 2025: “ The Curse of Salt Typhoon: FamousSparrow goes after the US financial sector“. Join him in Scottsdale, AZ, September 19 at 12:00 PM MST 1/5

#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. www.welivesecurity.com/en/eset-rese... 1/8

#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware www.welivesecurity.com/en/eset-rese... 1/6

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

#ESETresearch’s very own Peter Kálnai along with Matěj Havránek will present at #VB2025 @virusbtn.bsky.social: “DeceptiveDevelopment and 🇰🇵 North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception.” Join them in Berlin, September 25 at 14:30 CEST. 1/3

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol 's European Cybercrime Centre (EC3). 1/5

#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6

In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1. 1/6

#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. www.welivesecurity.com/en/eset-rese... 1/5

#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7