BRATISLAVA — June 1, 2023 —  ESET, a global leader in cybersecurity, is proud to announce the establishment of its new Marketing, Communication, and Digital Business division, appointing Mária Trnková as Chief Marketing Officer. This strategic move, effective June 1, 2023, reflects ESET’s commitment to innovation, enhancing partner and customer experiences, and strengthening its brand presence in the market.

In her new role as Chief Marketing Officer, Mária will spearhead the newly formed Marketing, Communication, and Digital Business division. This strategic division will enhance ESET’s marketing support across segments, fortify its brand position, and foster innovation through closer collaboration with technology and Environmental, Social, and Governance (ESG) teams. The key enabler for successful marketing implementation will be close cooperation with regional and local branches, ensuring delivery of the utmost value to customers.

Richard Marko, Chief Executive Officer of ESET, expressed his excitement about appointing Mária Trnková as Chief Marketing Officer. He stated, “At ESET, we continuously work on strengthening the position of our brand in the market through research and innovations, but also on improving our performance and finding the right solutions for our customers’ needs. Mária’s appointment as CMO represents a significant step forward for ESET as well as our commitment to keep incorporating equity, and inclusion into our company’s leadership. Her exceptional skills and dedication to driving innovation make her the perfect fit for this role, I wish her a lot of success.”

ESET stood out in the Malware Protection Test and the Performance Test conducted by one of the globe’s leading independent security testing organizations

BRATISLAVA — June 2, 2023 —  ESET, a global leader in cybersecurity, is proud to announce that its advanced multilayered security product ESET Internet Security has received the prestigious Advanced+ awards in the recent Malware Protection Test and Performance Test conducted by AV-Comparatives. This recognition highlights ESET’s exceptional performance and its commitment to safeguarding users against malware threats.

The Malware Protection Test evaluated a range of products from 16 vendors, including ESET Internet Security, through the execution of malicious files on the system. The test encompassed vectors such as network drives, USBs, and scenarios where malware existed on the disk. The comprehensive test set comprised 10,015 recent and prevalent malware samples, representing the real-world threats faced by users. ESET Internet Security achieved an outstanding 99.9% malware protection rate. Furthermore, the test report also included a false alarm test, which evaluated the quality of file detection capabilities of antivirus products. Notably, ESET Internet Security exhibited flawless performance with zero false alarms, reinforcing its reliability and demonstrating its ability to detect legitimate files and potential malware threats effectively.

In the latest Performance Test, both “Antivirus” and “Internet Security” consumer products underwent testing – both referred to as security products. The results demonstrate the impact on system performance that a security product has when compared to other tested security products from 16 vendors. The Performance Test comprises several assessments, and the results from these tests collaboratively shape the overall Impact Score. To test the product’s efficiency in using minimal resources, the performance impact across various routine operations, such as file copying, archiving, installing, launching applications, downloading files, and browsing websites, was assessed. The products were classified as Slow, Mediocre, Fast, and Very Fast based on the median results. In addition, the test also ran under the industry-recognized PC Mark benchmark, where the test machine, without any security software, was assigned a PC Mark score of 100 points. Particularly in the PC Mark assessment, ESET Internet Security claimed the top position with 98.4 points, highlighting the efficacy and overall performance of the solution in real-world use.

ESET Internet Security excelled in this rigorous assessment in both the Malware Protection and the Performance Tests. This remarkable score positioned ESET Internet Security among the top of all 16 vendors’ products. It showcased its commitment to delivering robust digital security solutions while fostering trust among consumers guided by AV-Comparatives’ test results.

“We have a deep commitment at ESET to continuously monitor the evolving security landscape and provide advanced solutions. ESET Internet Security, our best mobile multilayered protection against all types of malware threats, helps our modern users concerned about their privacy, who actively use the internet for shopping, banking, work, and communication. Thus, we are thrilled to receive the Advanced+ awards in the Malware Protection Test and the Performance Test by AV-Comparatives, one of the globe’s leading independent security testing organizations,” said Mária Trnková, Vice President of the Consumer and IoT Segment at ESET. “This achievement is a testament to our relentless pursuit of excellence in protecting our users with admirable solutions based on the continuous development of our core ESET technologies. We remain committed to delivering security solutions that provide the highest level of protection without compromising on usability.”

BRATISLAVA — May 26, 2023 —  ESET, a global leader in digital security, was included in Forrester’s The Endpoint Security Landscape, Q2 2023 report. The report provides an overview of 33 worldwide endpoint security vendors, amongst which ESET is recognized as a notable endpoint security provider based on product revenue. Landscape reports help Forrester clients become more educated about a market by defining current-state market maturity, detailing the top market dynamics and use cases, and providing a list of vendors or providers, which they might prioritize based on size, focus and geography.

As stated in the report, endpoint security solutions are the first and last line of defense for business users, protecting their devices from malware, detecting and responding to dangerous or malicious actions, and resolving incidents quickly and efficiently. Therefore, the critical importance of endpoint security is covered by this report, and by being included in it, ESET is acknowledged as a notable player in this mature market. Vendors in the report vary by size, geography, and use case, including five extended use cases of browser security, enhanced security measures, flexible reporting, mobile threat defense and unmanaged device protection. These are use cases that buyers look to address in addition to the core use cases (endpoint protection, incident resolution, device control). ESET is among those representative vendors with browser security, flexible reporting and mobile threat defense as extended use cases.

“At ESET, we closely monitor the security landscape we and our customers operate in. Based on our telemetry, we keep expanding our endpoint protection offering by adding new features. Our solutions are created with our customers in mind as we introduce options to compensate for our customers’ understaffed security teams, allowing the companies to focus on their operations and what really matters to them,” said Jakub Debski, Chief Product Officer at ESET. “We are very proud to be included in Forrester’s report because, as a privately owned, tech-focused company, we have always taken a science-based, security-first approach to developing our solutions.”

The full report can be accessed via a subscription here.
For more information about ESET’s awards and recognition, click here. 

• ESET researchers publish details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families.
• AceCryptor samples are very prevalent worldwide because multiple threat actors are actively using the cryptor malware to spread packed malware in their campaigns.
• During 2021 and 2022, ESET protected more than 80,000 customers affected by malware packed by AceCryptor.
• Altogether, there have been 240,000 detections, including the same sample detected at multiple computers, and one computer being protected multiple times by ESET software. This amounts to over 10,000 hits every month.
• Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware used to steal credit card credentials and sensitive data, upload and download files, and even steal cryptocurrency.
• AceCryptor is heavily obfuscated and has multiple variants, and throughout the years, has incorporated many techniques to avoid detection.

BRATISLAVA — May 25, 2023 — ESET researchers revealed today details about a prevalent cryptor malware, AceCryptor, which operates as a cryptor-as-a-service used by tens of malware families. This threat has been around since 2016, and has been distributed worldwide, with multiple threat actors actively using it to spread packed malware in their campaigns. During 2021 and 2022, ESET telemetry detected over 240,000 detection hits of this malware, which amounts to over 10,000 hits every month. It is likely sold on dark web or underground forums, and tens of different malware families have used the services of this malware. Many rely on this cryptor as their main protection against static detections.

Among the malware families found that used AceCryptor, one of the most prevalent was RedLine Stealer – malware available for purchase on underground forums and used to steal credit card credentials and other sensitive data, upload and download files, and even steal cryptocurrency. RedLine Stealer was first seen in Q1 2022; distributors have used AceCryptor since then, and continue to do so. “Thus, being able to reliably detect AceCryptor not only helps us with visibility into new emerging threats, but also with monitoring the activities of threat actors,” explains Kaloč.

Because AceCryptor is used by multiple threat actors, malware packed by it is distributed in multiple ways. According to ESET telemetry, devices were exposed to AceCryptor-packed malware mainly via trojanized installers of pirated software, or spam emails containing malicious attachments. Another way someone may be exposed is via other malware that downloaded new malware protected by AceCryptor. An example is the Amadey botnet, which we have observed downloading an AceCryptor-packed RedLine Stealer.

Even though attribution of AceCryptor to a particular threat actor is not possible for now, ESET Research expects that AceCryptor will continue to be widely used. Closer monitoring will help prevent and discover new campaigns of malware families packed with this cryptor.

Heatmap of countries affected by AceCryptor according to ESET telemetry

• As a Google App Defense Alliance partner, ESET detected a trojanized app available on the Google Play Store and named the AhMyth-based malware it contained AhRat.
• Initially, the iRecorder app did not have any harmful features. What is quite uncommon is that the application received an update containing malicious code quite a few months after its launch.
• The application’s specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
• The malicious app with over 50,000 downloads was removed from Google Play after ESET Research’s alert; ESET has not detected AhRat anywhere else in the wild.

BRATISLAVA, KOŠICE — May 23, 2023 — ESET researchers have discovered a trojanized Android app named iRecorder – Screen Recorder. It was available on Google Play as a legitimate app in September 2021, with malicious functionality most likely added in August 2022. During its existence, the app was installed on more than 50,000 devices. The malicious code that was added to the clean version of iRecorder is based on the open-source AhMyth Android RAT (remote access trojan) and has been customized into what ESET named AhRat. The malicious app is capable of recording audio using the device’s microphone and stealing files, suggesting it might be part of an espionage campaign.

Besides the Google Play Store, ESET Research has not detected AhRat anywhere else in the wild. However, this is not the first time that AhMyth-based Android malware has been available on the official store; ESET previously published research on such a trojanized app in 2019. Back then, the spyware, built on the foundations of AhMyth, circumvented Google’s app-vetting process twice, as a malicious app providing radio streaming. However, the iRecorder app can also be found on alternative and unofficial Android markets, and the developer also provides other applications on Google Play, but they don’t contain malicious code.

“The AhRat research case serves as a good example of how an initially legitimate application can transform into a malicious one, even after many months, spying on its users and compromising their privacy. While it is possible that the app developer had intended to build up a user base before compromising their Android devices through an update or that a malicious actor introduced this change in the app; so far, we have no evidence for either of these hypotheses,” explains ESET researcher Lukáš Štefanko, who discovered and investigated the threat.

The remotely controlled AhRat is a customization of the open-source AhMyth RAT, which means that the authors of the malicious app invested significant effort into understanding the code of both the app and the back end, ultimately adapting it to suit their own needs.

Aside from providing legitimate screen recording functionality, the malicious iRecorder can record surrounding audio from the device’s microphone and upload it to the attacker’s command and control server. It can also exfiltrate from the device files with extensions representing saved web pages, images, audio, video, and document files, and file formats used for compressing multiple files.

Android users who installed an earlier version of iRecorder (prior to version 1.3.8), which lacked any malicious features, would have unknowingly exposed their devices to AhRat if they subsequently updated the app either manually or automatically, even without granting any further app permission approval.

“Fortunately, preventive measures against such malicious actions have already been implemented in Android 11 and higher versions in the form of app hibernation. This feature effectively places apps that have been dormant for several months into a hibernation state, thereby resetting their runtime permissions and preventing malicious apps from functioning as intended. The malicious app was removed from Google Play after our alert, which confirms that the need for protection to be provided through multiple layers, such as ESET Mobile Security, remains essential for safeguarding devices against potential security breaches,” concludes Štefanko.

ESET Research has not yet found any concrete evidence that would enable the attribution of this activity to a particular campaign or APT group.

For more technical information about the malicious iRecorder app and AhRat, check out the blogpost “Android app breaking bad: From legitimate screen recording to file exfiltration within a year” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

• From climate change to the environmental crisis, AI ethics and genetic engineering, Starmus VII, in partnership with ESET, will sharpen its focus on the future of our home planet 
• Bratislava, Slovakia, will host the seventh edition of Starmus in May 2024, raising awareness of Earth’s most urgent questions and science’s role in answering them
• Starmus begins its countdown to Bratislava with parallel launch events in the host city and at the Royal Society in London, with a panel discussion featuring some of science’s greatest minds, including Dr Jane Goodall, DBE, Founder of the Jane Goodall Institute & UN Messenger of Peace, who also joins the Starmus Advisory Board

LONDON, BRATISLAVA — May 11, 2023 —Starmus, the global festival of science communication – and the brainchild of astrophysicist Garik Israelian, PhD, and Queen guitarist Sir Brian May, who also has a PhD in astrophysics – has announced it will turn its gaze from the stars to the future of planet Earth taking its seventh edition to Bratislava in 2024.

Today, Sir Brian May and Dr. Garik Israelian announced the festival’s theme, ‘Starmus Earth: the future of our home planet,’ at a panel event at London’s Royal Society. They were joined by world-renowned ethologist and conservationist Dr. Jane Goodall, DBE, (who now joins the Starmus Advisory Board), cosmologist
Sir Martin Rees and Global Governance Professor Mary Kaldor, who led a unique discussion, moderated by Dr. Israelian, on how to solve some of our planet’s most pressing challenges.

Microbiologist and Nobel Laureate Emmanuelle Charpentier joined the panel remotely from a parallel launch event on the river Danube in Bratislava, alongside iPod inventor Tony Fadell and Richard Marko, a cybersecurity expert and CEO of ESET, the festival’s lead partner.

“Starmus has traditionally focused on interrogating the mysteries of the universe, looking upwards to inspire and educate the next generation of explorers and regenerate the spirit of discovery, bringing art, music, and the world’s greatest scientific and artistic minds together to enhance science communication,” said Starmus co-founder Dr. Garik Israelian. “As the old saying goes, ‘Earth is a planet too!’ We are a privileged part of the cosmos, and as living beings, we are made of star stuff. The very atoms in our bodies were forged in the earliest days of the universe or in the deaths of low-mass and high-mass stars. Earth is in the universe, and just as much a part of it as the stars”.

“Climate change could eventually make life on Earth untenable, and we are seeing signs of that rapid evolution now. We must take steps to take care of our world, and Starmus offers an important voice that draws attention to the urgency,” said Dr. Jane Goodall.

In 2024, Starmus will turn its gaze closer to home and analyze how we can tackle the challenges that most threaten Earth’s future, from the threats facing our environment and climate to far-reaching technologies like artificial intelligence, genetic engineering, and cybersecurity – as well as the humanitarian crises caused by armed conflict around the world.

“Since 2011, STARMUS conferences have assembled scientists and artists to look outwards at the Space around us with clear eyes, to celebrate the wonders of the Universe.  This year, more than ever, aware of the current threat of the extinction of life in the Biosphere, for the first time, STARMUS focuses inward on our home planet.  By bringing together many of the greatest and most free-thinking brains from all countries, we will try to find new answers to the questions we must now ask, to save the life of Planet Earth.” said Sir Brian May, legendary Queen guitarist and Starmus co-founder and Advisory Board member.

This year, Starmus is partnering with ESET – a global cybersecurity company headquartered in Bratislava – to inspire young people in Slovakia and around the world to take responsibility and contribute to the future of our planet, using scientific research and state-of-the-art technology.  

“ESET’s role is to deliver state-of-the-art technology and innovation that protects societal progress. We believe this progress is brought about by science,” said Richard Marko, CEO of ESET. “We are proud to partner with Starmus to join its efforts in inspiring new generations of scientists and those who appreciate its values.”

Starmus Earth will welcome world-class scientists, artists, and environmentalists to share breakthrough discoveries, debate the big questions and inspire new generations of scientists, technologists, and activists. The Starmus Advisory Board will announce the full line-up of scientists, artists, and musicians later this year, but some of the 40+ confirmed speakers at Starmus Earth include astronaut and Apollo 16 moonwalker Charlie Duke, former president of Ireland Mary Robinson, physicist Donna Strickland, and the legendary American science television presenter Bill Nye. (full list on www.starmus.com)

The festival, as in previous editions, will also award the Stephen Hawking Medal for Science Communication across four categories: Music & Arts, Science Writing, Films & Entertainment, and Lifetime Achievement.

In addition to launching its seventh edition, Starmus also released previously unseen live music performances from past iterations of the festival: “Who Wants to Live Forever?” from Starmus V, performed by Sir Brian May, Hans Zimmer, Vittorio Grigolo, Steve Vai and Rick Wakeman with the Luzern Symphony Orchestra; and “Smoke on the Water” from Starmus VI, featuring Sir Brian May,  Jeff Scott Soto, Derek Sherinian, Simon Phillips, Ric Fierabracci and Ron “Bumblefoot” Thal.

Next year’s festival will be the first Starmus since September 2022, when it was held in Yerevan, Armenia, and celebrated 50 years of mankind’s exploration of Mars. Previous incarnations of Starmus have seen the festival travel to Zurich, Switzerland; Trondheim, Norway; and Spain’s Canary Islands.

Tickets for Starmus Earth, held in Bratislava from 12-17 May 2024, will go on sale in October. For more information visit Starmus.com

• ESET has released its APT Activity Report covering Q4 2022 and Q1 2023, which summarizes the activities of selected advanced persistent threat (APT) groups.
• China-aligned threat actors Ke3chang and Mustang Panda focused on European organizations.
• North Korea-aligned groups continued to focus on South Korean and South Korea-related entities.
• Lazarus targeted employees of a defense contractor in Poland with a fake Boeing-themed job offer and also shifted its focus from its usual target verticals to a data management company in India.
• Similarities with the newly discovered Linux malware by Lazarus corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.
• Russia-aligned APT groups were especially active in Ukraine and EU countries.
• Sandworm deployed wipers (including a new one we call SwiftSlicer).
• Intelligence shared in the report is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

BRATISLAVA — May 9, 2023 — ESET has released its APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from October 2022 until the end of March 2023. The report is being published on a semi-annual basis. During this period, several China-aligned threat actors such as Ke3chang and Mustang Panda focused on European organizations. In Israel, Iran-aligned group OilRig deployed a new custom backdoor. North Korea-aligned groups continued to focus on South Korean and South Korea-related entities. Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers.

Malicious activities described in the ESET APT Activity Report are detected by ESET technology. “ESET products protect our customers’ systems from the malicious activities described in this report. The intelligence shared here is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers,” says Director of ESET Threat Research Jean-Ian Boutin.

China-aligned Ke3chang employed tactics such as the deployment of a new Ketrican variant, and Mustang Panda used two new backdoors. MirrorFace targeted Japan and implemented new malware delivery approaches, while Operation ChattyGoblin compromised a gambling company in the Philippines by targeting its support agents. India-aligned groups SideWinder and Donot Team continued to target governmental institutions in South Asia with the former targeting the education sector in China, and the latter continuing to develop its infamous yty framework, but also deploying the commercially available Remcos RAT. Also in South Asia, ESET Research detected a high number of Zimbra webmail phishing attempts.

In addition to targeting the employees of a defense contractor in Poland with a fake Boeing-themed job offer, North Korea-aligned group Lazarus also shifted its focus from its usual target verticals to a data management company in India, utilizing an Accenture-themed lure. ESET also identified a piece of Linux malware being leveraged in one of their campaigns. Similarities with this newly discovered malware corroborate the theory that the infamous North Korea–aligned group is behind the 3CX supply-chain attack.

Russia-aligned APT groups were especially active in Ukraine and EU countries, with Sandworm deploying wipers (including a new one ESET calls SwiftSlicer), and Gamaredon, Sednit, and the Dukes utilizing spearphishing emails that, in the case of the Dukes, led to the execution of a red team implant known as Brute Ratel. Finally, ESET detected that the previously mentioned Zimbra email platform was also exploited by Winter Vivern, a group particularly active in Europe, and researchers noted a significant drop in the activity of SturgeonPhisher, a group targeting government staff of Central Asian countries with spearphishing emails, leading to our belief that the group is currently retooling.

For more technical information, check the full “ESET APT Activity Report” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports. ESET researchers prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups in the form of ESET APT Reports PREMIUM to help organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. Comprehensive descriptions of activities described in this document were therefore previously provided exclusively to our premium customers. More information about ESET APT Reports PREMIUM that deliver high-quality strategic, actionable, and tactical cybersecurity threat intelligence is available at the ESET Threat Intelligence page.

• Users in mainland China at an international NGO were targeted with malware delivered through updates for software developed by Chinese companies.
• With high confidence, we attribute this activity to the Chinese-speaking Evasive Panda APT group.
• The backdoor MgBot is used for cyberespionage.

BRATISLAVA, MONTREAL — April 26, 2023 — ESET researchers have discovered a campaign conducted by the APT group known as Evasive Panda, in which update channels of legitimate Chinese applications were hijacked to also deliver the installer for the MgBot malware, Evasive Panda’s flagship cyberespionage backdoor. Chinese users were the focus of this malicious activity, which ESET telemetry shows started in 2020. The targeted users were located in the Gansu, Guangdong, and Jiangsu provinces. The majority of the Chinese victims are members of an international non-governmental organizations (NGO).

When ESET researchers analyzed the likelihood of several methods that could explain how the attackers managed to deliver malware through legitimate updates, two scenarios stood out: supply-chain compromises, and adversary-in-the-middle (AitM) attacks.

A single layer of defense is not enough in today’s constantly evolving threat landscape. For 30 years, ESET has invested in multiple layers of proprietary technology that prevent breaches and protect against zero-day attacks. The company’s XDR and MDR services pair with ESET’s endpoint security platform to support one of the most sophisticated cybersecurity arsenals on the market. These solutions can be mixed and matched with advanced threat defense modules, including advanced sandboxing, cloud office security that protects Microsoft Office apps, full disk encryption, multifactor authentication, mail server security, and ESET cybersecurity awareness training to address the human element.

Visit ESET at booth 1167 in Moscone South to demo these advanced cybersecurity solutions and to meet the ESET team. To learn more about ESET’s presentations and presence at the show, visit https://www.eset.com/us/rsac-2023/.

ESET Speakers at RSA 2023

Tony Anscombe is the chief security evangelist for ESET. With over 25 years of security industry experience, Tony is an established author, blogger, and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and internet safety. His speaking portfolio includes industry conferences RSAC, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit, and the Child Internet Safety Summit. He is regularly quoted in cybersecurity, technology, and business media, including BBC, Dark Reading, the Guardian, the New York Times, and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON, NBC, and CBS. Tony is a board member of NCA and has previously served on the board of MEF and FOSI and held an executive position with AMTSO.

Cameron Camp is a specialized security researcher for ESET, with over 20 years of security experience all the way up the stack, from embedded devices, Internet of Things, and medical devices, to industrial control system (ICS) systems for the power grid and the networks and servers to tie them all together. He has spoken on Capitol Hill, at the National Press Club, and numerous times to legislators, as well as being quoted in the Wall Street Journal, USA Today, Associated Press, Reuters, and a host of other top-tier publications. He has been on numerous broadcast news outlets and has spoken at numerous events globally.