Information

Stealing cash using NFC relay – Week in Security with Tony Anscombe

Video. The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become. 28 Aug 2024. Recently, ESET researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks. The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a malicious app installed on their Android phones to the attackers’ rooted Android devices. Watch as Tony discusses the story and…

Old devices, new dangers: The risks of unsupported IoT tech

Internet of Things. In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors. Márk Szabó, 27 Aug 2024, 4 min. read. Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status. Hacks of outdated or vulnerable devices are an issue, but why would anyone attempt to hack discontinued devices or those…

When Get-Out-The-Vote Efforts Look Like Phishing

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign. On Aug. 27, the local…

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. Versa Director systems are primarily used by Internet service…

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep.5)

Video, Mobile Security. The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure. 26 Aug 2024. Android threats are a serious business. Among them is the Blue Ducky script, which exploits the CVE-2023-45866 Android device vulnerability. By running the Blue Ducky script, an attacker can: inject keystrokes and thus control…

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Video. Phishing using PWAs? ESET Research’s latest discovery might just ruin some users’ assumptions about their preferred platform’s security. 23 Aug 2024. ESET researchers have recently revealed an uncommon type of phishing campaign using Progressive Web Apps (PWAs) that targeted the clients of a prominent Czech bank. The technique installed a phishing application from a third-party website without the user having to allow third-party app installation. This is because PWAs are simply websites bundled…

NGate Android malware relays NFC traffic to steal cash

ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. Key points of this blogpost: Attackers combined standard malicious techniques – social engineering, phishing, and Android malware – into a novel attack scenario; we suspect that lure messages…

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size…

How regulatory standards and cyber insurance inform each other

Business Security. Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with. Tony Anscombe, 21 Aug 2024, 3 min. read. Governments create legislation and regulations primarily to protect public interests and keep order, ensuring society functions as it should. When related to cyber insurance and cybersecurity, regulation is aimed at ethical conduct,…

Be careful what you pwish for – Phishing in PWA applications

In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. For iOS users, such an action might break any “walled garden” assumptions about security. On Android, this could result in…
