ESET researchers have found a cyber espionage campaign that used Google Play to distribute apps bundled with VajraSpy RAT code

ESET researchers have identified 12 Android espionage apps that share the same malicious code; six were available on Google Play. All the observed applications were advertised as messaging tools, apart from one that posed as a news app. In the background, these apps covertly execute remote access trojan (RAT) code called VajraSpy, used for targeted espionage by the Patchwork APT group. The campaign mostly targeted users in Pakistan. Based on ESET’s investigation, the threat actors behind the trojanized apps probably used a honey-trap romance scam to lure their victims into installing the malware.

VajraSpy has a range of espionage functionalities that can be expanded based on the permissions granted to the app bundled with its code. It steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera.
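Because the article ties VajraSpy's reach to the permissions its host app is granted, a useful triage step is to compare what a supposed chat app declares against what each named capability would require. The following is an added example, not ESET's code: the manifest is constructed, and the permission-to-capability mapping is an assumption based on standard Android permissions, not a description of VajraSpy's implementation.

```python
"""Triage helper: which article-listed espionage capabilities does a declared
permission set make reachable? (Added example; mapping is an assumption.)"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the article -> standard Android permissions an app would
# normally need for each (assumption, not from the page).
CAPABILITY_PERMISSIONS = {
    "steal contacts": {"android.permission.READ_CONTACTS"},
    "steal files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "steal call logs": {"android.permission.READ_CALL_LOG"},
    "steal SMS messages": {"android.permission.READ_SMS"},
    "record phone calls": {"android.permission.RECORD_AUDIO",
                           "android.permission.READ_PHONE_STATE"},
    "take pictures with the camera": {"android.permission.CAMERA"},
}

# What a plain messaging app plausibly needs (assumption).
EXPECTED_FOR_CHAT = {"android.permission.INTERNET",
                     "android.permission.READ_CONTACTS"}

# Constructed manifest for a hypothetical "chat" app; no storage permission,
# so the file-theft capability should come out as not reachable.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Set of android:name values from every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def reachable_capabilities(perms):
    """Capabilities whose required permissions are all declared."""
    return sorted(c for c, need in CAPABILITY_PERMISSIONS.items() if need <= perms)

def unexpected_permissions(perms):
    """Declared permissions beyond what a chat app is expected to need."""
    return sorted(perms - EXPECTED_FOR_CHAT)

if __name__ == "__main__":
    p = declared_permissions(SAMPLE_MANIFEST)
    print("reachable:", reachable_capabilities(p))
    print("beyond chat needs:", unexpected_permissions(p))
```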

Based on available numbers, the malicious apps that used to be available on Google Play were downloaded more than 1,400 times. During the ESET investigation, weak operational security of one of the apps led to some victim data being exposed, which allowed researchers to geolocate 148 compromised devices in Pakistan and India. These were likely the actual targets of the attacks. ESET is a member of the App Defense Alliance and an active partner in the malware mitigation program, which aims to quickly find Potentially Harmful Applications and stop them before they ever make it onto Google Play. As a Google App Defense Alliance partner, ESET identified the malicious apps and reported them to Google, and they are no longer available on the Play store. However, the apps are still available on alternative app stores.

Last year, ESET detected a trojanized news app called Rafaqat being used to steal user information. Further research has uncovered several more applications with the same malicious code. In total, ESET analyzed 12 trojanized apps, six of which (including Rafaqat) had been available on Google Play, and six found in the wild – in the VirusTotal database. These apps had various names, such as Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, YohooTalk, TikTalk, Hello Chat, Nidus, GlowChat, and Wave Chat.

To entice their victims, the threat actors likely used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application. “Cybercriminals wield social engineering as a powerful weapon. We strongly recommend against clicking any links to download an application that are sent in a chat conversation. It can be hard to stay immune to spurious romantic advances, but it pays off to always be vigilant,” advises ESET researcher Lukáš Štefanko, who discovered this Android spyware.

According to the MITRE ATT&CK database, Patchwork has not been definitively attributed and only circumstantial evidence suggests the group may be a pro-Indian or Indian entity. This APT group targets mostly diplomatic and government entities.

For more technical information about VajraSpy and the spying apps from the Patchwork APT group, check out the blog post “VajraSpy: A Patchwork of espionage apps” on WeLiveSecurity.com. Make sure to follow ESET Research on X (formerly known as Twitter) for the latest news from ESET Research.

ESET HOME—a new comprehensive security management platform

ESET, a global leader in cybersecurity, today announced the launch of its new innovative and streamlined offering for consumers. With more than 30 years on the market, ESET has moved to unify its broadly deployed consumer product portfolio. Specifically, ESET is introducing three brand-new customer-centric subscription tiers, providing both broad and reliable digital life protection via new features such as Virtual Private Network (VPN), Identity Protection, and a Browser Privacy & Security extension. To meet customer demand for an all-in-one approach that enables easy and intuitive use with all these new features, ESET has introduced an improved ESET HOME, the complete security management platform. It is available on all major operating systems—Windows, macOS, Android, and iOS—and includes visibility into home networks and connected smart devices.

“At ESET, we’re thrilled to unveil our cutting-edge consumer solutions. It’s more than just security – it’s a comprehensive portfolio designed to keep our customers safe in today’s digital landscape. We’re dedicated to advancing technology without compromising their safety. Our team has poured their expertise into creating a powerful blend of AI, human insight, and cloud protection, delivering a state-of-the-art defense against a multitude of cyber threats. The new ESET HOME Security subscription tiers offer multilayered security, protect privacy, and keep the devices and homes of our customers safe. With ESET, they’re not just protected; they’re empowered to explore, connect, and thrive securely,” said Mária Trnková, Chief Marketing Officer at ESET.

Complete security management platform

Research among ESET customers shows that the vast majority of ESET HOME users define themselves as home admins, those who take care of their household’s digital security. They are tech savvy but don’t want to spend much time managing ESET products. To meet customers’ needs, ESET has made improvements to ESET HOME. Now, as a complete security management platform, it is a seamless part of the user experience. In this version, managing devices, making online purchases, subscription activation and renewal, downloading or upgrading security solutions, and enabling powerful functionalities like Identity Protection¹, VPN security, Password Manager and more, are all a seamless part of existing user flows.

To enhance user experience and simplify the platform’s management, ESET has made several interface changes, including the introduction of our Overall Protection Status, so users can see the level of protection for their households in one view. This combines both the validity status of a user’s licenses and the security status of devices connected to the account in three categories: Protected, Attention Required, and Security Alert.

These changes aim to provide customers with cutting-edge protection, while minimal interaction is needed to set up the product. At the same time, this new ecosystem provides meaningful options and functionality for proactive users who want to control and customize it. ESET HOME is an easy-to-use web portal and mobile app available for both iOS and Android.

Explore new subscription tiers and their features

Also introduced with this launch are three subscription tiers for this new ecosystem—ESET HOME Security Essential, ESET HOME Security Premium, and ESET HOME Security Ultimate. Subscription tiers provide all-in-one protection, from the entry level of protection up to the ultimate level, covering the complex needs of individuals and their households for digital life privacy and security. ESET HOME Security subscriptions are available on all major operating systems—Windows, macOS, Android, and iOS.

ESET HOME Security Essential is an entry-level subscription tier with protection features, including improved modern endpoint security and multilayered real-time protection, as well as additional tools that further enhance the user’s ability to protect against various threats. Included are the Safe Banking and Safe Browsing features, designed to protect users’ sensitive data, and Network Inspector, a diagnostic tool providing information on the security of the user’s router and display of devices connected to the network. Newly developed browser extensions provide enhancement of the Browser Privacy & Security feature. This includes cleanup tools, such as Browser Cleanup, which cleans cookies, history, and much more from the browser, regularly or on demand.

The middle tier, ESET HOME Security Premium, extends the feature set further by adding other security functionalities such as a Password Manager, which protects and stores users’ passwords and personal data. This includes an automatic and accurate form-filling feature, saving users time when filling out web forms. Secure Data functionality boosts their privacy and security with powerful encryption of files and removable media, preventing data theft in the event of USB or laptop loss, and ensuring secure collaboration and data sharing. ESET HOME Security Premium offers the ESET LiveGuard tool, cloud-based protection specifically designed to mitigate never-before-seen threats.

ESET HOME Security Ultimate is the most advanced subscription tier; it seamlessly provides complex all-in-one protection and introduces brand-new ESET features: Identity Protection¹ and VPN. These features are also complemented by the browser extension functionality (Browser Privacy & Security), to ensure that the user’s browsing is protected. Additionally, Metadata Cleanup removes metadata from pictures uploaded through browsers on Windows. Website Settings Review allows users to easily review and change permissions granted to websites.

Enhancing online security: Introducing the VPN and Identity Protection¹ features

With the new offering, ESET introduces two groundbreaking features aimed at bolstering online security and privacy—VPN and Identity Protection¹.

VPN functionality offers users a confidential internet experience by establishing a private network connection guaranteeing protection while using public Wi-Fi, and enforcing a strict no-logs policy to make it more difficult to track. It encrypts users’ online activities and enables unlimited bandwidth access to geo-restricted content, including unrestricted and private access to websites in more than 60 countries worldwide. Thanks to this feature, users can securely access their home countries’ TV shows and movies while traveling or enjoy their favorite streaming services from different parts of the world. Even more features are available on the VPN service running on desktop, including DNS leak protection, MAC spoofing, proxy gateway for other devices, firewall, and split tunneling.

The new Identity Protection¹ feature actively scans for compromised user identities and monitors user-input data, cross-referencing it against known online data leaks on the dark web. Users enter the data they want checked, such as email accounts or IDs. When a match is made, the user is immediately notified, enabling swift action against potential misuse of their personal information.

All new features reflect customer demand for elevated data and identity protection, as evidenced by the findings of recent surveys, notably the 2022 Consumer Digital Life Protection Survey. By adding VPN and Identity Protection¹ on iOS, ESET is strengthening its presence on this platform where Password Manager and ESET HOME are already established.

Device-tailored security solutions

ESET HOME Security takes device protection to a new level by seamlessly integrating a suite of standalone device protection solutions tailored to meet customers’ security needs. This includes ESET NOD32 Antivirus, ESET Mobile Security for Android, Parental Control for Android, and ESET Smart TV Security.

More information about the new consumer offering and subscription tiers can be found here.

¹ The Identity Protection functionality is currently available in the US market only, with global rollout planned in H1/2024.