Miroslav Legen (@mlegen)'s Twitter Profile
Miroslav Legen

@mlegen

Malware Researcher @ ESET

ID: 87197485

Joined 03-11-2009 14:08:01

426 Tweets

578 Followers

681 Following

Double-Ewe Queue (@wormquartet)

My wife woke me up with coffee and then my son came running upstairs to show me he'd gotten MacOS running on his calculator. My family is NEAT.

ESET Research (@esetresearch)

We have received a lot of questions about the Silver Sparrow malware for macOS after a publication by Red Canary, a Zscaler company. #ESETresearch has investigated and found that, far from speculations about nation-state malware, it is likely related to adware and pay-per-install schemes. 1/10

Michal Malík (@michalmalik)

1. git clone github.com/pyinstaller/py… 2. archive_viewer.py <pyinstaller_binary> -- you get a listing 3. X <filename> (e.g. "util") In this case you also want to extract the PYZ-00.pyz file (and then use archive_viewer.py on it as well) and extract "electrum[dot]storage" file.

ESET Research (@esetresearch)

... it against their spouses - not only is it unethical, it might also leak the victim’s private information and leave them at risk of #cyberattacks and #fraud. Join the talk of Lukas Stefanko today at #RSA2021 #ESETresearch 5/5

Zuzana Čaputová (@zuzanacaputova)

Extremely concerning reports of a forcing of a commercial plane to the ground in #Belarus and a detention of an opposition activist. Investigation is essential - any violation of international law must have consequences.

Zuzana Hromcova (@zuzana_hromcova)

Proud to share this research paper which concludes my months of reversing scores of malicious IIS extensions 🔎🥳 Read on if you are interested in server-side threats 👇👇👇

Lukas Stefanko (@lukasstefanko)

Analysis of Android espionage against Kurdish ethnic group using commercial 888 RAT that was distributed via dedicated Facebook profiles welivesecurity.com/2021/09/07/bla… ESET Research

ESET Research (@esetresearch)

DazzleSpy (named osxrk by its author) is Mac malware we haven’t seen before. Its features include gathering information about the system, search, download and upload files, exfiltrate the keychain and provide access to the perpetrator via remote desktop. 5/7

Łukasz (@maldr0id)

I want to solve the problem of "where do I get interesting Android malware samples?". I've created a website with links to a diverse set of samples. It's a very small set for now, but I'm planning on expanding it. maldroid.github.io/android-malwar…

Łukasz (@maldr0id)

First there were catchy names. Then there were logos. Then there were websites. And now we have... giant robotic figures? This is a weird timeline.

Florian Roth ⚡️ (@cyb3rops)

Every bigger org should do it like ESET ... let the marketing department manage the website and the blog posts but maintain the IOCs / rules in repo that the TI team has write access to. Often I reviewed IOCs, found errors / missing info and it took them hours to get it fixed.

ESET Research (@esetresearch)

#ESETresearch discovered a toolkit that we have named #Telekopye. This malware is implemented as a Telegram bot that, when activated, provides easy-to-navigate menus that make scamming easier. 1/4 welivesecurity.com/en/eset-resear…

ESET Research (@esetresearch)

#Breaking #ESETresearch releases a paper about Ebury, among the most advanced server-side Linux malware, which was deployed to 400,000 servers over the course of 15 years, primarily for financial gain. Marc-Etienne M.Léveillé welivesecurity.com/en/eset-resear… 1/8

ESET Research (@esetresearch)

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. 1/6
