Lukas Stefanko (@lukasstefanko) 's Twitter Profile
Lukas Stefanko

@lukasstefanko

Malware Researcher at @ESET
Android security, malware analysis, app vulnerability research
t.me/androidMalware

ID: 2936786110

http://welivesecurity.com/author/lstefanko 22-12-2014 10:23:40

3,3K Tweet

23,23K Followers

691 Following

Lukas Stefanko (@lukasstefanko) 's Twitter Profile Photo

Listen to the latest #podcast hosted by Aryeh Goretsky {@infosec.exchange} where we talk about #EvilVideo vulnerability (CVE-2024-7014) that affected #Telegram for Android app and allowed attackers to send malicious files posing as videos Info: welivesecurity.com/en/podcasts/es… Podcast: esetresearch.podbean.com/e/evilvideo/

ESET (@eset) 's Twitter Profile Photo

Check out the latest ESET Research podcast as Lukas Stefanko delves into EvilVideo exploit targeting Telegram’s Android users. Stay informed and protected. Listen now! 🎧 #ESET #ProgressProtected #CyberSecurity #ESETResearch #Telegram #Podcast #Android

CODE BLUE (@codeblue_jp) 's Twitter Profile Photo

CODE BLUE 2024 Speakers Interview #4 Lukas Stefanko/ルーカス・ステファンコ Jakub Osmani/ヤクブ・オスマニ See for yourself👉 facebook.com/codeblue.jp/po… #codeblue_jp

Anton Cherepanov (@cherepanov74) 's Twitter Profile Photo

BSides Bratislava is back! Save the Date: March 15th, 2025 #BSidesBA 📢 CFP is open until December, 31st 23:59 UTC. More info: bsidesba.sk

Mobile Hacker (@androidmalware2) 's Twitter Profile Photo

Unusual Android malware distribution vector - physical analog letter ✉️ Fake letters were sent to people at their home addresses to download "Severe Weather Warning App" via the attached QR code. #Coper AKA #Octo2 banking malware is downloaded instead ncsc.admin.ch/ncsc/en/home/a…

Lukas Stefanko (@lukasstefanko) 's Twitter Profile Photo

Yesterday, I could share my and Jakub's research about NFC relay malware #NGate at AVAR Asia conference in #India 🇮🇳 In the picture is a screen from a demo where I show how to withdraw cash from an ATM without a physical payment card using a smartphone, as was done by NGate TA #ESET

Lukas Stefanko (@lukasstefanko) 's Twitter Profile Photo

In the latest version of G-700 Android RAT was allegedly added exploitation of the #EvilVideo Telegram vulnerability (CVE-2024-7014) The exploit allows sending malicious APK files disguised as video EvilVideo: welivesecurity.com/en/eset-resear… G-700 RAT: cyfirma.com/research/g700-…

0x6rss (@0x6rss) 's Twitter Profile Photo

I hacked into the Telegram bot and retrieved all the logs😃. It seems that Spain🇪🇸 is being targeted. Who said what? 🫣 threat actor: ledear_dev sample: 9dc524efab35e8d79108fa8920119c6e Additionally, telegram vulnerability CVE-2024-7014 has already been fixed.

ESET Research (@esetresearch) 's Twitter Profile Photo

#BREAKING #ESETresearch NFC Android malware impersonates banking app in 🇵🇱 Poland. #NGate malware impersonates a banking verification application to steal NFC data and PIN from victims’ physical payment card. Lukas Stefanko 1/3

Karol Paciorek (@karol_paciorek) 's Twitter Profile Photo

Malware #Crocodilus impersonates a fake “IKO Lokata” app — its icon closely resembles that of a major Polish bank 🏦. 📣 Delivered via fake ads on @Facebook. 🔗 Campaign domains: • iko-power-app[.sbs • iko-lokata[.icu 🧠 IoC: rentvillcr[.homes VT: virustotal.com/gui/file/0009a…

0x6rss (@0x6rss) 's Twitter Profile Photo

A Turkish threat actor and Android malware author sent a private message to security researcher Lukas Stefanko. The droppers distributed by these threat actors report victim interactions back to them using log messages in Turkish.

ESET Research (@esetresearch) 's Twitter Profile Photo

ESET Threat Report H1 2025: #ClickFix attacks surge 500%, SnakeStealer tops infostealer charts, and NFC fraud jumps 35x. Plus, chaos in the ransomware underworld and a new Android adware menace—Kaleidoscope. Dive into the full report: web-assets.esetstatic.com/wls/en/papers/… #ESETresearch

ESET Research (@esetresearch) 's Twitter Profile Photo

In H1 2025, #ESETResearch telemetry recorded a 160% surge in #Android adware & clicker detections. Leading this spike is a colorfully branded threat #Kaleidoscope, responsible for 28% of all Android #adware detections in H1. 1/6

ESET (@eset) 's Twitter Profile Photo

Lukas Stefanko explains why smartphones are the perfect target for digital spies. 🎙️ Listen to Unlocked 403 Podcast now on Spotify, or Apple Podcasts, and stay one step ahead of digital threats. ESET Research #Unlocked403

ESET (@eset) 's Twitter Profile Photo

🔍 True or False? #AndroidMalware myths – busted! Cybersecurity expert Lukas Stefanko tackles rapid-fire questions to separate fact from fiction. Think you’re malware-savvy? Find out. Watch #Unlocked403 on YouTube, and listen on Spotify & Apple Podcasts. ESET Research

ESET Research (@esetresearch) 's Twitter Profile Photo

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
