All news in category "Threat and Trends Reports"

Thu, July 24, 2025

Rogue CAPTCHAs: Phony Verification Pages Spread Malware

🔒 Phony CAPTCHA pages are being used to trick users into running commands that invoke legitimate Windows tools like PowerShell or mshta.exe, which then download and install malware. Threat actors—including those using the social engineering method ClickFix—deploy infostealers, remote access trojans, ransomware and cryptominers through deceptive verification prompts that appear legitimate. Users should avoid executing pasted commands, keep systems and security software updated, and consider ad blockers to reduce exposure.

Tue, July 22, 2025

Understanding Why Your Personal Data Is So Valuable

🔒 In this episode of Unlocked 403, host Becks and ESET Global Security Advisor Jake Moore examine how everyday online activity becomes a marketable commodity. They explain how social media, apps and websites harvest, analyze and monetize both first- and third-party data, and why metadata often reveals more than expected. The conversation highlights risks for children and the long-term consequences of pervasive collection. Jake shares practical tips for tightening app privacy settings, limiting permissions and embracing data minimization to better protect personal information.

Tue, July 15, 2025

Unmasking AsyncRAT: Mapping Forks and Variants in the Wild

🛡️ ESET Research reviews the sprawling ecosystem of AsyncRAT, an open-source C# remote access trojan first published in 2019, and the many forks that have proliferated since. The post maps major families—most notably DcRat and VenomRAT—and outlines rapid identification techniques based on client configuration, embedded certificates, and behavior. It highlights uncommon plugins (USB spreaders, screamers, clipboard clippers, distributed brute modules) and stresses evolving obfuscation and evasion tactics.

Fri, July 4, 2025

How to Break into Cybersecurity: Skills and Traits

🔐 In this Cybersecurity Podcast episode, ESET Principal Threat Intelligence Researcher Robert Lipovsky outlines the practical skills and personality traits useful for newcomers to the field. He addresses common questions about coding ability, college degrees, and whether formal qualifications are required. Lipovsky emphasizes curiosity, persistence, and a willingness to learn alongside foundational technical skills. The discussion frames these recommendations within an evolving threat landscape and ESET’s broader career guidance.

Fri, July 4, 2025

Task scams: Don't pay to get paid — warning for jobseekers

⚠️ Task scams are rising employment frauds that lure jobseekers with easy micro-tasks and visible “earnings,” then pressure victims to pay to unlock funds. The schemes use gamification, spoofed sites and messaging apps, often asking for cryptocurrency deposits or “level-up” fees. Victims see initial fake gains, then lose payments with no recourse. Always verify recruiters and never pay upfront.

Wed, July 2, 2025

Gamaredon 2024: Enhanced Spearphishing vs Ukrainian Targets

🔍 ESET Research describes Gamaredon’s 2024 shift to exclusively target Ukrainian government institutions, significantly increasing spearphishing scale and frequency while adopting new delivery techniques such as malicious hyperlinks and LNK files served from Cloudflare domains. The group introduced six new PowerShell and VBScript-based tools and upgraded existing implants with improved obfuscation, registry-based persistence, and stealth features. Operators have largely hidden C2 infrastructure behind Cloudflare tunnels and increasingly rely on third-party platforms and DoH for resilience.

Tue, July 1, 2025

ESET Threat Report H1 2025: Key Cyberthreat Findings

🛡️ The ESET research team has released the H1 2025 Threat Report, summarizing cyberthreat activity from December 2024 through May 2025. The report highlights a rapid rise in a new social engineering technique, ClickFix, with detections increasing more than fivefold, and a 160% surge in Android adware linked to evil twin fraud and PUAs. It also notes growing numbers of ransomware attacks and gangs even as overall payment values trended downward. Watch ESET Chief Security Evangelist Tony Anscombe's video overview and consult the full report for details and mitigation guidance.

Tue, July 1, 2025

ESET APT Activity Report - Q4 2024 to Q1 2025 Overview

🔍 The latest ESET APT Activity report and podcast episode summarize intrusion activity observed across Q4 2024–Q1 2025, highlighting persistent and evolving adversary techniques. ESET researchers spotlight China-aligned actors such as UnsolicitedBooker, which repeatedly targeted the same organization with the MarsSnake backdoor, and tool-sharing trends centered on groups like Worok. The report also covers Russia-aligned operations — Sednit’s expanded Operation RoundPress against webmail platforms, ongoing Gamaredon obfuscation in Ukraine, and Sandworm’s use of the ZEROLOT wiper — plus activity from other regional actors that complicate attribution and detection.