ESET
-
ESET: Fake Signal and ToTok Android Apps used to deploy spyware in UAE
ESET researchers warned that two spyware campaigns in the UAE use fake Signal and ToTok Android apps disguised as plugins or add‑ons to collect contacts, messages, backups and files; the spyware has been traced to mid‑2022 and is blocked by Google Play Protect for devices with Google Play Services.
-
ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.
-
FileFix: New Facebook security alert spoof hijacks victims into downloading StealC infostealer, researchers warn
Security researchers have uncovered a campaign dubbed FileFix that masquerades as a Facebook security alert to trick users into executing a malicious payload, culminating in the StealC infostealer. The operation, a variant of the ClickFix social-engineering technique, shows global reach, steganography-based delivery, and a Go-based loader that drops StealC v2, with researchers noting evolving infrastructure…
-
GhostRedirector threat cluster compromises 65 Windows servers, deploys Rungan backdoor and Gamshen IIS module for SEO fraud
A fresh threat cluster named GhostRedirector has compromised at least 65 Windows servers, deploying a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud, according to ESET researchers. The campaign shows SQL injection-based initial access, PowerShell-based tool delivery, and persistence through multiple remote-access tools, with a China-aligned attribution considered plausible…
-
Russian APT Gamaredon Intensifies Phishing Campaigns Against Ukraine
Gamaredon, a Russia-aligned APT, has intensified its spear-phishing attacks on Ukrainian government institutions, revealing a significant increase in sophistication and employing new stealth capabilities in its operations.
-
Chinese Hackers Unleash MarsSnake Backdoor in Targeted Attacks on Saudi Organization
ESET has revealed that a China-aligned hacker group known as UnsolicitedBooker is targeting an unnamed Saudi Arabian organization with a new backdoor called MarsSnake, exploiting spear-phishing tactics to gain access to crucial information.
-
Russian Hackers Exploit Old Vulnerabilities to Target Global Mail Servers
Security firm ESET reports that hackers, likely linked to the Russian government, have exploited long-standing cross-site scripting vulnerabilities to breach multiple high-value mail servers globally, with significant implications for defense contractors in Eastern Europe.
-
FamousSparrow Hackers Enhance Cyber Attacks with Modular Backdoor
A China-linked cyberespionage group known as FamousSparrow has intensified its operations by deploying an upgraded version of its backdoor malware, SparrowDoor, against several organizations, including a US-based trade group. ESET researchers have identified significant improvements in the malware’s structure and capabilities, raising concerns about the group’s access to advanced cyber tools.
