Aryeh Goretsky

@goretsky.bsky.social

@ESET Distinguished Researcher | alum of McAfee, Microsoft MVP, Tribal Voice, Zultys | Mod @Lenovo, @Neowin.Net, Scots Newsletter forums | Intel Insider Council | Repost ≠ endorse

930 Followers  |  3,233 Following  |  65 Posts  |  Joined: 07.02.2024  |  1.867

Latest posts by goretsky.bsky.social on Bluesky

image of phish showing McAfee capitalized incorrectly

Tip for phishers: When sending fake #McAfee invoices in an attempt to get someone to call ☎️ + give you their bank card details💳, you should capitalize the "A" in McAfee.

Grammar matters, especially when conducting credit card fraud.

30.07.2025 20:27 — 👍 3    🔁 0    💬 0    📌 0

As I watched infostealer encounters rise I wrote this guide for @esetresearch.bsky.social on the recovery process: www.welivesecurity.com/en/cybersecu...

26.07.2025 05:19 — 👍 5    🔁 3    💬 0    📌 0
Reddit Ad tricks users to execute malicious script

Just saw a post stating that #Reddit is now running ads containing ClickFix malware:
www.reddit.com/r/Scams/comm...

25.07.2025 01:49 — 👍 1    🔁 1    💬 0    📌 0

Congratulations to my @esetofficial.bsky.social colleagues on their anniversaries!

J.S. (10th), M.K. (14th), B.O. (15th), R.K. (16th), T.K. (20th), J.S. (25th), and B.L. (30th)! 🍰🎇🥂

(also, it seems like we do a lot of hiring in July…)

23.07.2025 17:34 — 👍 1    🔁 0    💬 0    📌 0

#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7

18.07.2025 12:05 — 👍 7    🔁 4    💬 1    📌 0

I dimly recall reading in the '90s that some Ethernet cabling (probably not plenum) contained hydrogenated corn oil as a stabilizer in the jacketing. As it degraded/broke down over time, they got nibbled on by mice and rats.

18.07.2025 00:02 — 👍 2    🔁 0    💬 0    📌 0

Any idea *why* sharks do this? I saw someone mentioned the possibility of organic oils in the cladding, but I was under the impression those weren't used in marine cabling. Is there any copper wiring conducting electricity inside amidst the fiber bundle that might be drawing their attention?

17.07.2025 23:57 — 👍 1    🔁 0    💬 1    📌 0
Aitor Gran Capitan knife (image courtesy SAKWIKI)

I used to carry a pocket knife with me onto the airplane.

16.07.2025 03:05 — 👍 0    🔁 0    💬 0    📌 0
MrBeast scam image (1 of 3)

MrBeast scam image (2 of 3)

MrBeast scam image (3 of 3)

I've noticed an uptick in phishes using pictures of fake BBC and Twitter pages mentioning MrBeast. The images are posted in chat servers like Discord.
Naturally, he has nothing to do with them, and as soon as you give the scammers your bank details they're cashing you out.

15.07.2025 21:37 — 👍 1    🔁 0    💬 0    📌 0
Unmasking AsyncRAT: Navigating the labyrinth of forks
ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants.

#ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source malware. While some variants are mere curiosities, others pose a more tenacious threat. www.welivesecurity.com/en/eset-rese... 1/7

15.07.2025 12:10 — 👍 7    🔁 5    💬 1    📌 0

Prompt||GTFO: A Zoom Prompt Pit

Welcome to the Prompt Pit. Whether you’re a CISO Excel jockey or a researcher sniffing for the scent of bits, if you made AI useful and can show your work, then come join us. We prefer security topics, but anything goes - even if just a prompt that made you laugh.

11.07.2025 16:30 — 👍 2    🔁 1    💬 1    📌 0
Aryeh Goretsky (@goretsky@infosec.exchange) Attached: 1 image I keep an archive of all of the device drivers for all of the hardware I use for a number of reasons: • It is an easy and convenient way to roll back to an earlier version of so...

A quick look into some duplicate installers in my collection of device drivers: infosec.exchange/@goretsky/11...

13.07.2025 05:26 — 👍 1    🔁 0    💬 0    📌 0

After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4

09.07.2025 12:11 — 👍 6    🔁 6    💬 1    📌 0

In May 2025, #ESET participated in operations that largely disrupted the infrastructure of two notorious infostealers: #LummaStealer and #Danabot. 1/6

11.07.2025 12:27 — 👍 5    🔁 2    💬 1    📌 0
Image of Facebook displaying a notification that Powell's Bookstore Facebook page cannot be followed right now.

Wow! It seems Meta is blocking me from following @powells.bsky.social on Facebook.
I guess they have something against 50+ year old independent bookstores

06.07.2025 06:22 — 👍 4    🔁 0    💬 0    📌 0

Advice always has to be audience-appropriate. I do any number of things with my personal devices that I would not do with a business computer, nor recommend to someone else.

03.07.2025 10:51 — 👍 0    🔁 0    💬 0    📌 0
ESET APT Activity Report Q4 2024-Q1 2025: Malware sharing, data wiping and exploits
ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, the challenges of attribution amidst tool-sharing, and other key findings from the latest APT Activity Report...

My latest podcast for @esetresearch.bsky.social is now live!

Listen in as @esetofficial.bsky.social's experts discuss Sandworm’s🪱new data wiper, UnsolicitedBooker’s relentless campaigns, attribution challenges amid tool-sharing, + other key findings from the latest APT Activity Report.

02.07.2025 05:06 — 👍 3    🔁 0    💬 0    📌 0

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

26.06.2025 09:14 — 👍 7    🔁 4    💬 0    📌 0
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-rel...

ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON.

Watch his talk >> www.youtube.com/watch?v=X5lL...

Read the research >> www.welivesecurity.com/en/eset-rese...

#IO #Cybersecurity

25.06.2025 17:40 — 👍 7    🔁 8    💬 0    📌 0
File Explorer In Windows 11....
It's not the snappiest. Opening new folders takes a couple seconds to load. On my W10 machine it's not like this. What can I do to help make this snappier when browsing directories? Anything I can turn ...

My #ReplyOfTheDay in "File Explorer In Windows 11…" with some 🪟 speed-up tips: www.neowin.net/forum/topic/... via @neowin.net

12.06.2025 10:53 — 👍 3    🔁 0    💬 0    📌 0

A little tip for anyone using @esetofficial.bsky.social's software on Windows:

• Ctrl+R to reset the GUI to its default size + location

• Ctrl+U to show account details like license ID, ESET username, product + version

10.06.2025 02:52 — 👍 3    🔁 0    💬 0    📌 1
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig.

#ESETresearch analyzed a campaign deployed by BladedFeline, an Iran-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and Iraqi government officials, in 2024. www.welivesecurity.com/en/eset-rese... 1/6

05.06.2025 10:52 — 👍 8    🔁 6    💬 1    📌 0

Great speech, but as a point of accuracy, Elon Musk was an early-stage investor in Tesla and not one of the company's founders/inventors.

05.06.2025 21:13 — 👍 5    🔁 1    💬 0    📌 0
/r/kurdistan can not be accessed in Turkey. We are not sure if it is imposed by Reddit itself or Turkish government. [https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd.it%2Ftook-them-long-enough-v0-k1e13lqpm62f1.png%3Fwidth%3D720%26format%3Dpng%26auto%3D...

Interesting: It seems Reddit is blocking access to its r/Kurdistan subreddit in Turkey in response to that government's request: old.reddit.com/r/ModSupport...

23.05.2025 10:21 — 👍 3    🔁 0    💬 1    📌 1

The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6

22.05.2025 20:06 — 👍 10    🔁 8    💬 1    📌 0
ESET takes part in global operation to disrupt Lumma Stealer
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5

21.05.2025 16:16 — 👍 10    🔁 7    💬 1    📌 0
ChatGPT's response to query "Can you roast Aryeh Goretsky?"

Not bad, ChatGPT, not bad…

21.05.2025 09:56 — 👍 1    🔁 0    💬 0    📌 1

Congrats to my @esetofficial.bsky.social colleagues J. R. on his 15th anniversary + J. F. on his *20th* anniversary!

20.05.2025 08:18 — 👍 2    🔁 0    💬 0    📌 0

#ESETresearch has published its latest APT Activity Report, covering October 2024 to March 2025 (Q4 2024–Q1 2025). China-aligned groups like Mustang Panda and DigitalRecyclers continued their espionage campaigns targeting the EU government and maritime sectors. 1/2

19.05.2025 12:30 — 👍 9    🔁 5    💬 1    📌 0

2nd (ex)wife. She pops up every so often.
A few years ago, I was visiting @esetofficial.bsky.social in 🇸🇰 + posted on FB, "Tonight's my last night in Bratislava. Any recommendations for stuff to do?" and she replied. She travels a lot still, I guess.

17.05.2025 07:03 — 👍 1    🔁 0    💬 0    📌 0

@goretsky is following 17 prominent accounts