Jakub Souček
@SCrow357
Followers: 62
Following: 70
Media: 1
Statuses: 36
My teammates' insight into the previously undisclosed tooling, MDeployer and MS4Killer, used by #Embargo, one of the newly emerged RaaS #ransomware groups.
#ESETresearch analyzed new Rust-based tools, MDeployer and MS4Killer, used for deploying #Embargo ransomware and discovered when investigating attacks targeting US companies in July 2024. https://t.co/TUIIah9j1e 1/6
#ESETresearch You may have heard about #Grandoreiro resurrection after its disruption in January. This is not entirely true. In short: the disrupted Grandoreiro is different from the currently active Grandoreiro strain. Read further to learn more. 1/9
Following up, Spain’s @policia stated that over the course of 2 years they arrested a total of 133 mules in 🇪🇸 tied to #Grandoreiro. Their operation is directly linked to the one by Brazil’s @policiafederal where #ESETresearch played a crucial role. https://t.co/OofhL7Tm5d 1/4
Excellent results of a great effort of a great team!
#ESETresearch aided in an operation to disrupt #Grandoreiro, a banking trojan targeting the general public in 🇧🇷, 🇲🇽, 🇪🇸 and 🇦🇷. ESET provided technical analysis, stats, and C&C addresses. https://t.co/4BdWV8hfui 1/4
#ESETresearch discovered a toolkit that we have named #Telekopye. This malware is implemented as a Telegram bot that, when activated, provides easy-to-navigate menus that make scamming easier. 1/4 https://t.co/EtNWj8zUqf
#ESETResearch is hiring malware researchers for our 🇨🇦 🇨🇿 🇸🇰 offices. If you’d like to track some of the most impactful APTs/cybercrime campaigns, don’t wait and apply here 👇 🇨🇦: https://t.co/HLOAkkZNB7 🇨🇿: https://t.co/AbhB3Pi1oK 🇸🇰: https://t.co/1cKeEdAyBk #infosecjobs 1/4
#BREAKING #Sandworm continues attacks in Ukraine 🇺🇦. #ESETresearch found an evolution of a malware loader used during the #Industroyer2 attacks. This updated piece of the puzzle is malware @_CERT_UA calls #ArguePatch. ArguePatch was used to launch #CaddyWiper. #WarInUkraine 1/6
#ESETresearch participated in the action to disrupt the #Zloader botnets along with many partners. Our historical telemetry shows Zloader being distributed mostly in North America and Europe. https://t.co/2tNxFK7ixr @0xE9FBFFFFFF @jiboutin 1/3
🇺🇦 #BREAKING #ESETresearch continues to investigate the #HermeticWiper incident. We uncovered a worm component #HermeticWizard, used to spread the wiper in local networks. We also discovered another wiper, called #IsaacWiper deployed in #Ukraine. https://t.co/hBA2NKy5Lf 1/4
Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
#ESETresearch identified a new non-prevalent variant of #Grandoreiro. The two most crucial changes are string table obfuscation and new targets from LATAM and EU 🇪🇺 countries, US 🇺🇸, Canada 🇨🇦, Australia 🇦🇺 and United Arab Emirates 🇦🇪. The DGA is slightly changed as well. 1/3
#ESETresearch concludes its LATAM banking trojan series. We look at how the scene changed in the last 2y, briefly describe Lokorrito, Krachulka and Zumanek, which became dormant before getting their own piece & hypothesize what the future might bring. https://t.co/BkWuMYekqV 1/3
#ESETresearch continues its series about Latin American banking trojans, this time featuring #Numando, a malware family targeting almost exclusively Brazil 🇧🇷 since at least 2018. @RoboSuman https://t.co/hl2MVTrdSI 1/3
welivesecurity.com
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
16 people arrested in 🇪🇸 Spain due to connections to #Mekotio and #Grandoreiro, two LATAM banking trojans operating in Europe since 2020. https://t.co/tKOT1IhVJd #ESETresearch @SCrow357 1/5
#ESETresearch responded to ransomware deployed as supply-chain attack against #Kaseya VSA users attributed to #REvil beginning Friday afternoon EDT (US)/evening CEST (Europe). Detection was added for Win32/Filecoder.Sodinokibi.N on Friday shortly after. https://t.co/O6ESZMUMmQ 1/3
#ESETresearch telemetry shows majority of reports of Win32/Filecoder.Sodinokibi.N (#REvil) coming from 🇬🇧UK, 🇨🇦CA, 🇿🇦ZA, 🇨🇴CO and 🇩🇪 DE, followed by 🇳🇿NZ, 🇺🇸US, 🇦🇷AR, 🇮🇩 ID, 🇲🇽MX and 🇪🇸ES in decreasing order. @goretsky 1/2
#ESETresearch discovered a campaign distributing #Grandoreiro banking trojan targeting the US 🇺🇸. This is the first campaign of a LATAM banking trojan outside of LATAM and Europe we have observed. It is spreading via malicious ads leading to https://spotifyannounce[.]com. 1/4
#ESETresearch continues its series about Latin American banking trojans, this time focusing on #Ousaban, a malware family targeting Brazil 🇧🇷 since at least 2018. @RoboSuman https://t.co/qkJ0xz7H4e 1/4
welivesecurity.com
Another in our occasional series demystifying Latin American banking trojans
A massive spam campaign distributing the #Ousaban banking trojan hit Brazil recently. Counting the files inside the ZIP archives included in its distribution chain, we get an unbelievable 143 files, most of them decoys. #ESETresearch will publish details about #Ousaban soon. 1/5
New #Casbaneiro campaign targets Mexico 🇲🇽. Interestingly, foreground window checking is done by the third PowerShell downloader instead of the final payload. Only when the victim visits a targeted banking website is #Casbaneiro downloaded and executed. @RoboSuman #ESETresearch 1/5