Jiri Kropac

@jiriatvirlab.bsky.social

Director of Threat Prevention Labs at @ESET

142 Followers  |  16 Following  |  11 Posts  |  Joined: 19.11.2024  |  1.6814

Latest posts by jiriatvirlab.bsky.social on Bluesky

We are deeply saddened by the passing of David Harley, a brilliant cybersecurity expert, former ESET Senior Research Fellow, author and long-time Virus Bulletin contributor.

David's legacy spans decades of research, writing, and public speaking.

Rest in peace, David. You will be missed. 💙

07.11.2025 15:33 — 👍 6    🔁 2    💬 0    📌 0

Meta is earning a fortune on a deluge of fraudulent ads, documents show Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.

Meta’s own researchers concluded that a third of the scams in the U.S. happen over its platforms and that fraudulent ads and those for banned products might contribute a tenth of its revenue. www.reuters.com/investigatio...

06.11.2025 15:44 — 👍 87    🔁 49    💬 4    📌 10

#ESETresearch identified an active campaign distributing #NGate โ€“ Android NFC relay malware used for contactless payment fraud โ€“ targeting Brazilian users.
It is available for download via fake Google Play sites mimicking 4 major banks and 1 e-commerce app. 1/4

06.11.2025 14:00 — 👍 2    🔁 2    💬 1    📌 0

#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): China-aligned groups targeted Latin America amid US-China tensions. Russia-aligned groups intensified ops against Ukraine & EU states. Full report: web-assets.esetstatic.com/wls/en/paper...

06.11.2025 11:58 — 👍 5    🔁 4    💬 0    📌 1

The targeted sectors include defense, metal engineering, and the UAV sector. The attackers left the keyword “drone” in their payloads, directly suggesting one of their goals. 3/9

23.10.2025 04:10 — 👍 3    🔁 1    💬 1    📌 0

#ESETresearch discovered a new wave of the well-known North Korea-aligned Lazarus campaign Operation DreamJob, now targeting the drone industry.
welivesecurity.com/en/eset-rese... 1/9

23.10.2025 04:10 — 👍 9    🔁 9    💬 1    📌 2

Call for proposals โ€“ Botconf 2026

The dates of #Botconf2026 - The Botnet and Malware Ecosystems Fighting Conference have been confirmed for our
13th ed - Workshops (14th) & Conference (15th-17th) April 2026 in Reims, France

The CFP is online and ends on January 2nd 2026

https://www.botconf.eu/call-for-proposals/

15.10.2025 14:26 — 👍 1    🔁 7    💬 0    📌 0

Android #ToSpy, the spyware used in the other campaign, masquerades solely as the ToTok app. It is distributed through phishing websites impersonating app distribution platforms, such as the Samsung Galaxy Store. 3/6

02.10.2025 09:23 — 👍 2    🔁 1    💬 1    📌 0

New spyware campaigns target privacy-conscious Android users in the UAE ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

02.10.2025 09:23 — 👍 6    🔁 9    💬 1    📌 0

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability ESET Research discovers a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents.

The same CVE was recently seen exploited in the wild by other groups (e.g., RomCom), and described by ESET Research in a blogpost - www.welivesecurity.com/en/eset-rese... 2/6

26.09.2025 13:13 — 👍 2    🔁 2    💬 1    📌 0

#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6

26.09.2025 13:13 — 👍 17    🔁 9    💬 1    📌 1

UK police arrest man linked to ransomware attack that caused airport disruptions in Europe | TechCrunch The U.K.'s National Crime Agency said the investigation into the ransomware attack against Collins Aerospace is “in its early stages and remains ongoing.”

NEW: The U.K.'s National Crime Agency announced an arrest linked to the ransomware attack against Collins Aerospace, which caused disruptions at several European airports over the weekend.

The man is out on bail, and the agency said the investigation is “in its early stages and remains ongoing.”

24.09.2025 13:15 — 👍 6    🔁 3    💬 0    📌 0

Gamaredon X Turla collab ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high-profile targets in Ukraine.

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3

19.09.2025 09:27 — 👍 7    🔁 6    💬 1    📌 0

HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8

12.09.2025 09:02 — 👍 3    🔁 2    💬 1    📌 0

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results.

#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware www.welivesecurity.com/en/eset-rese... 1/6

04.09.2025 10:06 — 👍 9    🔁 5    💬 1    📌 0

We performed an internet-wide scan to complement ESET telemetry and identify additional servers affected by this threat: at least 65 servers have been affected by late June 2025, mostly in Brazil, Thailand, and Vietnam. 2/6

04.09.2025 10:06 — 👍 2    🔁 1    💬 1    📌 0

Rungan is a passive C++ backdoor capable of executing commands on the compromised server. 4/6

04.09.2025 10:06 — 👍 2    🔁 1    💬 1    📌 0

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

26.08.2025 15:37 — 👍 65    🔁 45    💬 2    📌 14

Paper Werewolf attacks Russia using a zero-day vulnerability in WinRAR. The Paper Werewolf cluster continues to attack Russian organizations, this time using vulnerabilities in WinRAR.

This vulnerability was also exploited by another threat actor, independently discovered by the Russian cybersecurity company BI.ZONE, who claim Paper Werewolf began using CVE-2025-8088 on July 22, just a few days after RomCom did. 6/7
bi.zone/expertise/bl...

11.08.2025 09:08 — 👍 2    🔁 1    💬 1    📌 0

WinRAR on X: "📢In case you haven't noticed, we've released a new version! ⏫Update today!🚀 https://t.co/Rj4h5hnODw"

On July 24, we alerted the WinRAR team, which released version 7.13 just six days later. We advise all users to install the latest version as soon as possible. We would also like to thank the WinRAR team for its cooperation and quick response. 3/7 x.com/WinRAR_RARLA...

11.08.2025 09:08 — 👍 4    🔁 1    💬 1    📌 0

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese...
1/7

11.08.2025 09:08 — 👍 17    🔁 11    💬 1    📌 2
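The two WinRAR threads on this page (the Gamaredon spearphishing post and the RomCom zero-day thread) both concern CVE-2025-8088, a path traversal that gives an attacker arbitrary file write through a crafted RAR archive. The bug class is the extractor trusting the file name stored in the archive. The Python below is an added example, not ESET's, WinRAR's or the posts' own code: it shows the entry-name check an extractor, or a mail-gateway triage script, should apply before writing anything. The entry names are constructed; the Startup-folder path illustrates where a write-anywhere primitive is typically aimed and is not a detail taken from the posts. Rejecting NTFS alternate-data-stream syntax (`name:stream`) is a conservative choice made here and is an assumption beyond what the posts state.

```python
"""Added example: refuse archive entry names that would escape the extraction
directory (the arbitrary-file-write class behind CVE-2025-8088).  Not ESET's
or WinRAR's code; entry names below are constructed for illustration."""
from __future__ import annotations
import re

# A Windows extractor treats both "\" and "/" as separators, so the check must too.
_SEP = re.compile(r"[\\/]+")
# "C:\...", "C:foo" (drive-relative) and "\\server\share" leave the extraction
# directory no matter what follows, so they are rejected before splitting.
_DRIVE = re.compile(r"^[A-Za-z]:")


def normalize_entry(name: str) -> list[str] | None:
    """Return the path components an entry resolves to relative to the
    extraction directory, or None if it cannot be confined there."""
    if not name or "\x00" in name:
        return None
    if _DRIVE.match(name) or name.startswith(("\\", "/")):
        return None                      # absolute, drive-relative or UNC
    parts: list[str] = []
    for comp in _SEP.split(name):
        if comp in ("", "."):
            continue                      # "a//b", "./a" are harmless noise
        if comp == "..":
            return None                   # any climb is refused outright rather
                                          # than resolved: "a/../b" is legal but
                                          # nothing legitimate needs it
        if ":" in comp:
            return None                   # NTFS ADS syntax "file:stream";
                                          # conservative choice (assumption)
        parts.append(comp)
    return parts or None                  # "", "." and "./" name nothing


def triage_archive(names: list[str], dest: str = "/tmp/extract") -> dict[str, list[str]]:
    """Split an archive listing into paths safe to write under dest and
    entries that must be refused (and flagged for the analyst)."""
    safe: list[str] = []
    rejected: list[str] = []
    for name in names:
        parts = normalize_entry(name)
        if parts is None:
            rejected.append(name)
        else:
            safe.append(dest.rstrip("/") + "/" + "/".join(parts))
    return {"safe": safe, "rejected": rejected}


# Constructed listing mimicking a job-application lure: two decoys plus five
# entries that try to write elsewhere.  The Startup folder is the classic
# target for a write-anywhere primitive (illustrative, not from the posts).
SAMPLE_ENTRIES = [
    "CV_Jane_Doe.pdf",
    "attachments/cover_letter.docx",
    "../../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/update.lnk",
    "..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk",
    "C:\\Windows\\Tasks\\job.xml",
    "\\\\attacker\\share\\payload.dll",
    "CV_Jane_Doe.pdf:update.lnk",
]

if __name__ == "__main__":
    result = triage_archive(SAMPLE_ENTRIES)
    for path in result["safe"]:
        print("write  ", path)
    for name in result["rejected"]:
        print("REFUSE ", name)
```

The check deliberately refuses any `..` component instead of resolving it, and refuses drive-relative names such as `C:foo`, which resolve against the per-drive current directory rather than the extraction directory. Run it over the listing of any RAR that arrives as a "job application" before opening it with an unpatched WinRAR (the thread above puts the fix in version 7.13).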

#ESETresearch joins Europol’s Cyber Intelligence Extension Programme (CIEP) 🤝 We are proud to announce ESET’s participation in the pilot phase of CIEP, a new initiative launched by Europol 's European Cybercrime Centre (EC3). 1/5

07.08.2025 13:38 — 👍 8    🔁 4    💬 1    📌 0

ESET first detected an attempt to exploit part of the execution chain on July 17 in 🇩🇪. Here, the final #webshell payload was not delivered. The first time we registered the payload was on July 18 in 🇮🇹. We have since seen active ToolShell exploitation all over the world. 2/5

24.07.2025 09:10 — 👍 0    🔁 1    💬 1    📌 1

#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. www.welivesecurity.com/en/eset-rese... 1/5

24.07.2025 09:10 — 👍 2    🔁 6    💬 1    📌 0

Unmasking AsyncRAT: Navigating the labyrinth of forks ESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variants.

#ESETresearch has mapped the labyrinth of #AsyncRAT forks, identifying the most prevalent versions of this open-source malware. While some variants are mere curiosities, others pose a more tenacious threat. www.welivesecurity.com/en/eset-rese... 1/7

15.07.2025 12:10 — 👍 7    🔁 5    💬 1    📌 0

Danabot was targeted by the #FBI and #DCIS, alongside #OperationEndgame led by #Europol and #Eurojust. ESET participated together with several other companies. We provided the analysis of the malware’s backend infrastructure and identified its C&C servers. 3/6

11.07.2025 12:27 — 👍 2    🔁 1    💬 1    📌 0

After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4

09.07.2025 12:11 — 👍 6    🔁 6    💬 1    📌 0

Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft WASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is designating Aeza Group, a bulletproof hosting (BPH) services provider, for its role in supporting c...

Aeza Group sanctioned in the US: home.treasury.gov/news/press-r...

It's the third Russian bulletproof hosting provider to get sanctioned this year

01.07.2025 17:39 — 👍 10    🔁 3    💬 1    📌 0

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-rel...

ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON.

Watch his talk >> www.youtube.com/watch?v=X5lL...

Read the research >> www.welivesecurity.com/en/eset-rese...

#IO #Cybersecurity

25.06.2025 17:40 — 👍 7    🔁 8    💬 0    📌 0

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/paper... #ESETresearch

26.06.2025 09:14 — 👍 7    🔁 4    💬 0    📌 0