Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.

As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.

Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.

For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.

In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.

Unless companies processing citizens’ personal data fully understand the reasoning behind the decisions made based on their machine-learning models, they will find themselves between a rock and a hard place.

The biggest news in malware so far this year has been WannaCryptor a.k.a. WannaCry, and one reason that particular ransomware spread so fast was because it used a “top secret” exploit developed by the NSA, an agency known to have dabbled in UEFI compromise.

The story of viruses took place in a university laboratory and, keeping in mind the parallelism, we want to show you what is a malware research laboratory like and what exactly happens there.

In 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury In 2017, the team found a new Ebury sample.