#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s energy sector. www.welivesecurity.com/en/eset-rese... 1/5

#ESETresearch has uncovered a new #Android spyware campaign using novel romance scam tactics to target individuals in 🇵🇰 Pakistan, with an added social engineering element previously unseen in similar schemes. www.welivesecurity.com/en/eset-rese... 1/9

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

#ESETresearch’s Lukas Stefanko will speak at Ransomware Resilience 2026 on Mon, Jan 19 in Kuala Lumpur at 4pm local time! Discover how Android NFC threats evolved to enable unauthorized ATM withdrawals. Learn about NGate - first Android malware to execute NFC relay attack for remote ATM cash-outs.

According to ESET telemetry, threat actors keep finding new ways to exploit #NFC technology: detections surged by 78% compared to H1 2025; however, overall numbers remain low. 1/6

In 2025, #ESETresearch saw a 62% year-over-year increase in detections of fake investment and snake oil scams – tracked as HTML/Nomani – amounting to hundreds of thousands of detections and over 64,000 unique URLs blocked. 1/5

In H2 2025, #ESETresearch saw a thirtyfold increase in #CloudEyE detections, amounting to more than 100,000 hits over the course of six months. CloudEyE is a #MaaS downloader and cryptor used to conceal and deploy other malware, such as #Rescoms, #Formbook, and #Agent Tesla. 1/5

In 2025, #ESETresearch analyzed hundreds of hands-on-keyboard ransomware attacks, mostly hitting manufacturing, construction, retail, technology, and healthcare. Most of these were seen in the US (17%), Spain (5%), and France, Italy, and Canada (4% each). 1/5

#ESETresearch has revisited CVE 2025 50165, a critical remote code execution vulnerability in the WindowsCodecs.dll library when processing JPG images, one of the most widely used image format s. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has detected a new MSIL loader, named #BlackHawk, protected by three layers of obfuscation, all of which show strong signs of being AI-generated. 1/9

#ESETresearch has discovered a new 🇨🇳-aligned APT group, #LongNosedGoblin. This group focuses on cyberespionage and targets mainly governmental entities in Southeast Asia and Japan. www.welivesecurity.com/en/eset-rese... 1/7

ESET Threat Report H2 2025: NFC threats grow in scale and sophistication, ransomware victim numbers surge, and AI-powered malware becomes reality with PromptLock. The threat landscape is evolving fast – read the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

#ESETresearch analyzed the #Gamaredon VBScript payload recently flagged by @ClearskySec. It wipes registry Run keys, scheduled tasks, and kills processes – however, our assessment is that this is likely to clean researchers’ machines, not a shift to destructive ops. x.com/ClearskySec/... 1/4

#ESETresearch discovered a new #MuddyWater campaign targeting critical infrastructure in 🇮🇱 Israel and 🇪🇬 Egypt, using a new backdoor – MuddyViper – and a variety of post-compromise tools www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch is heading to #AVAR2025? Dec 4, Thursday in Kuala Lumpur, 11:00–11:30 MYT. ESET researchers Anton Cherepanov & Peter Strýček present: "Sniffing Around: Unmasking the LongNosedGoblin operation in Southeast Asia and Japan”. 1/3

#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8

#ESETresearch discovered unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanesw co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, argument runner, and misc files. 1/8

#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5

We are deeply saddened by the passing of David Harley, a brilliant cybersecurity expert, former ESET Senior Research Fellow, author and long-time Virus Bulletin contributor. David's legacy spans decades of research, writing, and public speaking. Rest in peace, David. You will be missed. 💙

#ESETresearch identified an active campaign distributing #NGate – Android NFC relay malware used for contactless payment fraud – targeting Brazilian users. It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4

#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): China-aligned groups targeted Latin America amid US-China tensions. Russia-aligned groups intensified ops against Ukraine & EU states. Full report: web-assets.esetstatic.com/wls/en/paper...

#ESETresearch discovered a new wave of the well-known North Korea-aligned Lazarus campaign Operation DreamJob, now targeting the drone industry. welivesecurity.com/en/eset-rese... 1/9

Join @Invest_Ottawa & the Embassy of the Slovak Republic in Canada for a Cybersecurity Roundtable with Chief #ESETresearch Officer Roman Kováč: Oct 20, 2025, 3–4:30 PM, 7 Bayview Station Rd, Ottawa. RSVP by Oct 15: bit.ly/46X9eV9 1/3

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6

#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews. www.welivesecurity.com/en/eset-rese... 1/6

Two exciting panels featuring #ESETresearch’s Righard Zwienenberg at #VB2025 in Berlin @virusbtn - from stories of the past to debates about the future of vulnerability handling. Here's what to expect 👇1/3

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese... 1/3

#ESETresearch’s Robert Lipovský will present at Labscon 2025: “ The Curse of Salt Typhoon: FamousSparrow goes after the US financial sector“. Join him in Scottsdale, AZ, September 19 at 12:00 PM MST 1/5

#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. www.welivesecurity.com/en/eset-rese... 1/8

#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware www.welivesecurity.com/en/eset-rese... 1/6

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

#ESETresearch’s very own Peter Kálnai along with Matěj Havránek will present at #VB2025 @virusbtn.bsky.social: “DeceptiveDevelopment and 🇰🇵 North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception.” Join them in Berlin, September 25 at 14:30 CEST. 1/3

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol 's European Cybercrime Centre (EC3). 1/5

#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6

In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1. 1/6

#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. www.welivesecurity.com/en/eset-rese... 1/5

#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7

#ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source malware. While some variants are mere curiosities, others pose a more tenacious threat. www.welivesecurity.com/en/eset-rese... 1/7

In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot. 1/6

After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4

#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. www.welivesecurity.com/en/eset-rese... 1/9

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON. Watch his talk >> www.youtube.com/watch?v=X5lL... Read the research >> www.welivesecurity.com/en/eset-rese... #IO #Cybersecurity

#ESETresearch analyzed a campaign deployed by BladedFeline, an Iran-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and Iraqi government officials, in 2024. www.welivesecurity.com/en/eset-rese... 1/6

The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6

#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5

#ESETresearch has published its latest APT Activity Report, covering October 2024 to March 2025 (Q4 2024–Q1 2025). China-aligned groups like Mustang Panda and DigitalRecyclers continued their espionage campaigns targeting the EU government and maritime sectors. 1/2