Latest news with #ESET
Forbes
15 hours ago
- Forbes
FBI Warns iPhone And Android Users—Do Not Share These Texts
Do not make this mistake on your phone. Republished on July 29 with new text attack warnings for smartphones users. The FBI warns that 'malicious actors' continue to send fraudulent texts and voice messages to 'gain access to personal accounts.' Do not reply to messages unless you recognize the sender's number. But there's more you must do to safeguard accounts. America is under attack from a malicious texting industry sending out billions of messages. Whether undelivered packages, unpaid tolls and DMV fines or Amazon refunds, the objective is to steal your data, your money, even your identity. But sometimes even legitimate texts can be dangerous. We're talking two-factor authentication (2FA), which the bureau says you should set up 'on any account that allows it,' and should 'never disable.' But most 2FA codes are delivered by text. And the problem with texts is that you can send them on to others. Never do that, the FBI warns — regardless of who's asking. 'Actors may use social engineering techniques to convince you to disclose a 2FA code,' the bureau says in an advisory reshared this week. Doing so lets attackers 'compromise and take over accounts.' Even if the request comes from someone you know, 'never provide a two-factor code to anyone over email, SMS/MMS or encrypted messaging.' ESET's Jake Moore warns the same. 'Scammers often trick people into revealing them to bypass security checks and take control so even if someone claims to be from your bank, trusted company or even a family member, keep OTPs to yourself.' This all sounds very basic. But if an attacker hijacks one of your friend's messaging accounts, they can pretend to be your friend and ask you to send a code, telling you their phone is not working. The scam is remarkably effective. While you should never share OTP text messages, you can better protect yourself if you stop using them altogether. Use an authenticator app, or better still use a passkey. This links your account to your physical device, making it impossible to steal and use a code. Shifting from SMS to authenticator apps or passkeys is critical now SMS interception and bypass is more common. Per Cybersecurity News, 'criminal enterprises no longer require extensive technical expertise to deploy advanced mobile threats, as ready-to-use malware kits are now available for subscription fees as low as $300 per month.' Banks in Australia and UAE are already calling time on SMS 2FA codes, and you should now do the same. But if you are using those codes, it's even more critical that you never share them, regardless of who is who's asking and the reason they're giving. While SMS persists, Cybersecurity News warns of a 'fundamental shift toward industrialized cybercrime, where specialized providers handle technical complexities while criminal customers focus solely on victim targeting and monetization strategies.' This isn't new. Per one warning from 2021, while 'figures suggest users who enabled 2FA ended up blocking about 99.9% of automated attacks, as with any good cybersecurity solution, attackers can quickly come up with ways to circumvent it. They can bypass 2FA through the one-time codes sent as an SMS to a user's smartphone.'
Forbes
a day ago
- Forbes
FBI Warns All Smartphone Users—Never Send These Texts
Do not make this mistake on your phone. The FBI warns that 'malicious actors' continue to send fraudulent texts and voice messages to 'gain access to personal accounts.' All smartphone users have been told not to reply to messages unless they recognize the sender's number or email address. But the bureau has also issued advice for citizens to stop accounts being hijacked. This relates to text messages. America is under attack from a malicious texting industry sending out billions of messages. Whether undelivered packages, unpaid tolls and DMV fines or Amazon refunds, the objective is to steal your data, your money, even your identity. But sometimes even legitimate texts can be dangerous. We're talking two-factor authentication (2FA), which the bureau says you should set up 'on any account that allows it,' and should 'never disable.' But most 2FA codes are delivered by text. And the problem with texts is that you can send them on to others. Never do that, the FBI warns — regardless of who's asking. 'Actors may use social engineering techniques to convince you to disclose a 2FA code,' the bureau says in an advisory reshared this week. Doing so lets attackers 'compromise and take over accounts.' Even if the request comes from someone you know, 'never provide a two-factor code to anyone over email, SMS/MMS or encrypted messaging.' ESET's Jake Moore warns the same. 'Scammers often trick people into revealing them to bypass security checks and take control so even if someone claims to be from your bank, trusted company or even a family member, keep OTPs to yourself.' This all sounds very basic. But remember, if an attacker hijacks one of your friend's messaging accounts, they can message you pretending to be your friend, asking you to send the code you will receive. They will tell you their phone is not working and they have given your number for the code instead. The scam is remarkably effective. While you should never share OTP text messages, you can better protect yourself if you stop using them altogether. It's far better to use an authenticator app, which most major platforms now offer as an alternative to SMS. And better still use a passkey. This links your account to your physical device, making it impossible to steal and use a code. Banks in Australia and UAE are already calling time on SMS 2FA codes, and you should now do the same. But if you are using those codes, it's even more critical that you never share them, regardless of who is who's asking and the reason they're giving.
Mid East Info
4 days ago
- Mid East Info
ESET Research uncovers variants of AsyncRAT, popular choice of cybercriminals - Middle East Business News and Information
ESET Research is releasing its analysis of AsyncRAT — a remote access tool (RAT) designed to remotely monitor and control other devices. Over the years, AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of its variants and forks (customized and improved versions of the original tool). The published analysis provides an overview of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved. AsyncRAT, an open-source RAT, was released on GitHub in 2019 by a user going by the name of NYAN CAT. It offers a wide range of typical RAT functionalities, including keylogging, screen capturing, credential theft, and more. Its simplicity and open-source nature have made it a popular choice among cybercriminals, leading to its widespread use in various cyberattacks. 'AsyncRAT introduced significant improvements, particularly in its modular architecture and enhanced stealth features, making it more adaptable and harder to detect in modern threat environments. Its plug-in-based architecture and ease of modification have sparked the proliferation of many forks, pushing the boundaries even further,' says ESET researcher Nikola Knežević, author of the study. Ever since it was released to the public, AsyncRAT has spawned a multitude of new forks that have built upon its foundation. Some of these new versions have expanded on the original framework, incorporating additional features and enhancements, while others are essentially the same version in different clothes. The most popular variants for the attackers, according to ESET telemetry, are DcRat, VenomRAT, and SilverRAT. DcRat offers a notable improvement over AsyncRAT in terms of features and capabilities, while VenomRAT is packed with further additional features. However, not all RATs are serious in nature, and this applies equally to AsyncRAT forks. Clones like SantaRAT or BoratRAT are meant to be jokes. Despite this, ESET has found instances of real-world malicious usage of these in the wild. In its analysis, ESET Research has cherry-picked some lesser-known forks, too, as they enhance AsyncRAT's functionality beyond the features included in the default versions. These exotic forks are often the work of one person or group, and they make up less than 1% of the volume of AsyncRAT samples. 'The widespread availability of frameworks such as AsyncRAT significantly lowers the barrier to entry for aspiring cybercriminals, enabling even novices to deploy sophisticated malware with minimal effort. This development further accelerates the creation and customization of malicious tools. This evolution underscores the importance of proactive detection strategies and deeper behavioral analyses to effectively address emerging threats,' concludes Knežević. For a more detailed analysis and technical breakdown of various AsyncRAT variants and forks, check out the latest ESET Research blogpost, 'Unmasking AsyncRAT: Navigating the labyrinth of forks,' on Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research. About ESET ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown— securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit or follow our social media, podcasts and blogs.
Channel Post MEA
6 days ago
- Business
- Channel Post MEA
ESET Strengthen its position in Latest Gartner Magic Quadrant for Endpoint Protection Platforms
ESET announces that it is one of only two vendors, out of fifteen evaluated, to improve its relative position in the 2025 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP). This year, ESET has advanced its position, reflecting a stronger Ability to Execute and enhanced Completeness of Vision. To ESET, this progress highlights its ongoing commitment to innovation, customer-centric development, and strategic focus on delivering high-performance endpoint protection platform solutions for organizations worldwide. As stated in the latest Gartner Magic Quadrant for EPP, where ESET is recognized as a Challenger, 'ESET PROTECT is well-suited for small and midsize organizations seeking mature endpoint prevention and protection capabilities.' 'We are proud to see our progress recognized by Gartner,' said Pavol Balaj, Chief Business Officer at ESET. 'Our improved position in the Magic Quadrant for Endpoint Protection Platforms reflects our unwavering commitment to delivering powerful, reliable, and accessible cybersecurity solutions. This progress is a testament to our dedication to customer value and cybersecurity excellence. We remain focused on helping organizations of all sizes stay resilient in an increasingly complex threat landscape.' The Gartner Magic Quadrant for EPP includes the following key strengths of ESET: Customer Experience : ESET is praised for its responsive and helpful technical and account support. : ESET is praised for its responsive and helpful technical and account support. Operations : ESET focuses heavily on EPP R&D, with most revenue coming from EPP products. : ESET focuses heavily on EPP R&D, with most revenue coming from EPP products. Geographic Strategy: ESET supports multiple European and Asian languages, appealing to a global audience. Additionally, the Magic Quadrant describes ESET as a 'vendor that supports cloud-delivered, hybrid, and on-premises (including air-gapped) management of EPP. In addition to EPP, ESET also offers workspace security controls such as email security.' As further stated in the report, ESET's recent innovations include a proprietary ransomware rollback feature, AI PC integration with Intel to reduce endpoint CPU load, and expanded vulnerability assessment and patch management across Windows, macOS, and Linux. These advancements are part of ESET's broader roadmap to enhance multitenancy, third-party integrations, and expand into adjacent security domains such as identity and workload protection. Further validating ESET's technical excellence, the 2025 Gartner Critical Capabilities for Endpoint Protection Platforms report states: 'ESET PROTECT delivers reliable core endpoint protection, with high protection efficacy and solid cloud-based management. Its mature hybrid management capabilities enable effective operation in environments with limited or intermittent connectivity, supporting compliance and protection for organizations with strict regulatory or data residency needs.' ESET PROTECT is a comprehensive cybersecurity platform designed to meet the evolving needs of modern organizations. Built on decades of expertise and continuous innovation, it delivers a Prevention-First approach to security, integrating advanced technologies and security services into a single, scalable solution.
Channel Post MEA
22-07-2025
- Channel Post MEA
ESET Identifies Variants of AsyncRAT, Favourite With Cybercriminals
ESET Research has released its analysis of AsyncRAT — a remote access tool (RAT) designed to remotely monitor and control other devices. Over the years, AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of its variants and forks (customized and improved versions of the original tool). The published analysis provides an overview of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved. AsyncRAT, an open-source RAT, was released on GitHub in 2019 by a user going by the name of NYAN CAT. It offers a wide range of typical RAT functionalities, including keylogging, screen capturing, credential theft, and more. Its simplicity and open-source nature have made it a popular choice among cybercriminals, leading to its widespread use in various cyberattacks. 'AsyncRAT introduced significant improvements, particularly in its modular architecture and enhanced stealth features, making it more adaptable and harder to detect in modern threat environments. Its plug-in-based architecture and ease of modification have sparked the proliferation of many forks, pushing the boundaries even further,' says ESET researcher Nikola Knežević, author of the study. Ever since it was released to the public, AsyncRAT has spawned a multitude of new forks that have built upon its foundation. Some of these new versions have expanded on the original framework, incorporating additional features and enhancements, while others are essentially the same version in different clothes. The most popular variants for the attackers, according to ESET telemetry, are DcRat, VenomRAT, and SilverRAT. DcRat offers a notable improvement over AsyncRAT in terms of features and capabilities, while VenomRAT is packed with further additional features. However, not all RATs are serious in nature, and this applies equally to AsyncRAT forks. Clones like SantaRAT or BoratRAT are meant to be jokes. Despite this, ESET has found instances of real-world malicious usage of these in the wild. In its analysis, ESET Research has cherry-picked some lesser-known forks, too, as they enhance AsyncRAT's functionality beyond the features included in the default versions. These exotic forks are often the work of one person or group, and they make up less than 1% of the volume of AsyncRAT samples. 'The widespread availability of frameworks such as AsyncRAT significantly lowers the barrier to entry for aspiring cybercriminals, enabling even novices to deploy sophisticated malware with minimal effort. This development further accelerates the creation and customization of malicious tools. This evolution underscores the importance of proactive detection strategies and deeper behavioral analyses to effectively address emerging threats,' concludes Knežević.
