We are deeply saddened by the passing of David Harley, a brilliant cybersecurity expert, former ESET Senior Research Fellow, author and long-time Virus Bulletin contributor. David's legacy spans decades of research, writing, and public speaking. Rest in peace, David. You will be missed. 💙

#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users. It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4

#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): China-aligned groups targeted Latin America amid US-China tensions. Russia-aligned groups intensified ops against Ukraine & EU states. Full report: web-assets.esetstatic.com/wls/en/paper...

#ESETresearch discovered a new wave of the well-known North Korea-aligned Lazarus campaign Operation DreamJob, now targeting the drone industry. welivesecurity.com/en/eset-rese... 1/9

Join @Invest_Ottawa & the Embassy of the Slovak Republic in Canada for a Cybersecurity Roundtable with Chief #ESETresearch Officer Roman Kováč: Oct 20, 2025, 3–4:30 PM, 7 Bayview Station Rd, Ottawa. RSVP by Oct 15: bit.ly/46X9eV9 1/3

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6

#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews. www.welivesecurity.com/en/eset-rese... 1/6

Two exciting panels featuring #ESETresearch’s Righard Zwienenberg at #VB2025 in Berlin @virusbtn - from stories of the past to debates about the future of vulnerability handling. Here's what to expect 👇1/3

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese... 1/3

#ESETresearch’s Robert Lipovský will present at Labscon 2025: “ The Curse of Salt Typhoon: FamousSparrow goes after the US financial sector“. Join him in Scottsdale, AZ, September 19 at 12:00 PM MST 1/5

#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. www.welivesecurity.com/en/eset-rese... 1/8

#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware www.welivesecurity.com/en/eset-rese... 1/6

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

#ESETresearch’s very own Peter Kálnai along with Matěj Havránek will present at #VB2025 @virusbtn.bsky.social: “DeceptiveDevelopment and 🇰🇵 North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception.” Join them in Berlin, September 25 at 14:30 CEST. 1/3

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol 's European Cybercrime Centre (EC3). 1/5

#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6

In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1. 1/6

#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. www.welivesecurity.com/en/eset-rese... 1/5

#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7

#ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source malware. While some variants are mere curiosities, others pose a more tenacious threat. www.welivesecurity.com/en/eset-rese... 1/7

In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot. 1/6

After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4

#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. www.welivesecurity.com/en/eset-rese... 1/9

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON. Watch his talk >> www.youtube.com/watch?v=X5lL... Read the research >> www.welivesecurity.com/en/eset-rese... #IO #Cybersecurity

#ESETresearch analyzed a campaign deployed by BladedFeline, an Iran-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and Iraqi government officials, in 2024. www.welivesecurity.com/en/eset-rese... 1/6

The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5

#ESETresearch has published its latest APT Activity Report, covering October 2024 to March 2025 (Q4 2024–Q1 2025). China-aligned groups like Mustang Panda and DigitalRecyclers continued their espionage campaigns targeting the EU government and maritime sectors. 1/2

#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5

Join #ESETResearch's Damien Schaeffer at PivotCon 2025 for "Hello Zebrocy, my old friend!" on May 8 at 2pm CEST in Malaga. @dmnsch.bsky.social 1/4

#ESETResearch analyzed the toolset of the China-aligned APT group that we have named #TheWizards. It can move laterally on compromised networks by performing adversary-in-the-middle (AitM) attacks to hijack software updates. www.welivesecurity.com/en/eset-rese... 1/6

Join #ESETResearch's Romain Dumont at BSides Calgary for "Reverse One Zero Day, Get One Free!" on May 2 at 8pm local time. 1/4

Join #ESETresearch and our very own @matthieufaou.bsky.social during #Northsec conference in Montreal for “Weaponizing XSS: Cyberespionage tactics in webmail exploitation” talk. Learn how XSS vulnerabilities let attackers inject malicious scripts into webmails. 1/3

#ESETresearch noticed two #MirrorFace Excel documents, known as #ROAMINGMOUSE, were uploaded to VirusTotal from #Taiwan in March 2025. The documents contain a malicious VBA macro that deploys #ANEL backdoor on the compromised machine. 1/8

#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 www.welivesecurity.com/en/eset-rese... 1/7

In July 2024, #ESETresearch discovered that the China-aligned #FamousSparrow APT group, thought at the time to have been inactive since 2022, compromised the network of a US trade group and a Mexican research institute. www.welivesecurity.com/en/eset-rese... 1/5

#ESETresearch published its investigation of Operation FishMedley, a global espionage operation by the China-aligned APT group FishMonger. We identified seven victims – including governments, NGOs, and think tanks – across Asia, Europe, and the US. www.welivesecurity.com/en/eset-rese... 1/3

#ESETresearch has uncovered the #MirrorFace Operation AkaiRyū, which extends the group’s usual focus beyond Japan into Europe. The initial lure centered around Expo 2025 in Japan, compromising a Central European diplomatic institute. 1/8 www.welivesecurity.com/en/eset-rese...

#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in Windows Kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines. 1/4

My latest podcast for @esetresearch.bsky.social is online! 🚨Discover key cybersecurity trends from H2 2024, including a major infostealer shakeup, a new iOS/Android attack vector, and booming Nomani scams in the latest episode of the #ESETresearch podcast: www.welivesecurity.com/en/podcasts/...

#ESETresearch has released DelphiHelper, a plugin for #IDAPro that aids in analyzing Delphi binaries. Check it out on ESET’s GitHub: github.com/eset/DelphiH.... Proud to be recognized among the notable submissions of the 2024 x.com/HexRaysSA Plugin Contest: hex-rays.com/blog/2024-pl...

#ESETresearch analyzed a campaign by #DeceptiveDevelopment targeting developers with trojanized coding tests. Posing as recruiters, the operators approach their targets on job-hunting platforms, aiming to steal their cryptocurrency wallets and more. www.welivesecurity.com/en/eset-rese... 🧵 1/6

#BREAKING #ESETresearch NFC Android malware impersonates banking app in 🇵🇱 Poland. #NGate malware impersonates a banking verification application to steal NFC data and PIN from victims’ physical payment card. x.com/LukasStefanko 🧵1/3

The threat landscape in H2 2024 was quite tumultuous when it comes to some of the most prominent infostealer threats. One of them, the notorious #RedLine Stealer, finally met its demise after being taken down by law enforcement in #OperationMagnus. #ESETresearch 🧵 1/5

#ESETresearch discovered + named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper www.welivesecurity.com/en/eset-rese... 🧵1/6

Join #ESETresearch at #JSAC2025! Facundo Munoz will talk about China-aligned PlushDaemon APT compromising the supply chain of a 🇰🇷 South Korean VPN. In 2024, several users downloaded a trojanized NSIS installer from the official website of a South Korean VPN company. 🧵 1/3