Hackers Mimic as ESET to Deliver Wiper Malware

Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain.

The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,” warned recipients that state-backed attackers were targeting their devices.

The emails offered a download link for a fictitious “ESET Unleashed” program to combat this alleged threat.

ESET Warned Recipients (source: DoublePulsar)

Upon clicking the link, victims were directed to a ZIP file hosted on ESET Israel’s legitimate domain. The archive contained several legitimate ESET DLL files and a malicious Setup.exe, identified as a wiper malware.

Join ANY.RUN's FREE webinar on How to Improve Threat Investigations on Oct 23 - Register Here 

According to the DoublePulsar report, Security researcher Kevin Beaumont, who analyzed the attack, noted that the malware required a physical PC to activate and exhibited evasion techniques.

The wiper was also connected to a legitimate Israeli news organization’s website, possibly to avoid detection.

ESET acknowledged the incident, stating it affected their partner company in Israel, Comsecure.

The company emphasized that their systems were not compromised and that the malicious email campaign was blocked within ten minutes.

ESET Acknowledged (Source: Doublepulsar)

The attack targeted cybersecurity personnel within Israeli organizations, suggesting a strategic attempt to disrupt the country’s digital defense.

While the perpetrators remain unidentified, the tactics employed bear similarities to those used by pro-Palestinian groups like Handala, which has been linked to sophisticated attacks against Israeli targets.

It underscores the importance of verifying the authenticity of security-related communications, even when they appear to come from trusted sources.

How to Choose an ultimate Managed SIEM solution for Your Security Team -> Download Free Guide (PDF)

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and their…

2 hours ago

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…

15 hours ago

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…

19 hours ago

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…

19 hours ago

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…

20 hours ago

Metasploit Framework Released with New Features

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…

22 hours ago