ESET
Coverage of ESET in the Nexus archive.
- Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group, Gamaredon, has expanded its cyber attacks against Ukraine in 2025 by deploying new malware and abusing cloud services. Slovakian cybersecurity company ESET reported 35 spear-phishing campaigns conducted by Gamaredon, primarily targeting new entities in the second half of the year.
- Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Android spyware named Asin is targeting Arabic-speaking users through fake news, PDF, and war map apps, as discovered by ESET. The malware was spread via campaigns using websites like govlens.net to mimic legitimate sources.
- Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Two banking trojan campaigns targeting Windows and Android users in Latin America and Europe have been identified, using Grandoreiro and BTMOB malware. WatchGuard and ESET reported the attacks, which specifically target companies in Spain, Portugal, Mexico, and mobile users in Brazil.
- North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
North Korean hackers targeted ethnic Koreans in China with Android malware called 'BirdCall'. The campaign was attributed to APT37, a hacking group. The hackers used a backdoor attached to a suite of card games from Sqgame.
- China-linked hackers targeted Mongolian government using Slack, Discord for covert communications
China-linked hackers, identified by ESET as GopherWhisper, targeted Mongolian government networks since November 2023. The group used Slack and Discord for covert communications and was discovered in January 2025 after a previously unknown backdoor was found on a government institution's network.
- China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
A previously undocumented China-linked APT group named GopherWhisper has infected 12 Mongolian government systems using Go-based backdoors and loaders. ESET, a Slovakian cybersecurity firm, identified the group's tools and attack methods in a recent report.
- NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Cybersecurity researchers have identified a new NGate malware variant targeting Brazil, which exploits the legitimate HandyPay app to steal NFC data and PINs. The malware, reportedly AI-generated, replaces the original NFCGate method previously used by the same threat actors.