Trojanized ESET Installers Drop Cobalt Strike Beacons to Target Windows Users

A new cyberattack campaign has been uncovered involving trojanized ESET security software installers that deliver Cobalt Strike beacons to Windows users. This sophisticated attack targets users by distributing malicious versions of legitimate ESET antivirus installers, which when executed, deploy Cobalt Strike, a well-known penetration testing tool often abused by threat actors for post-exploitation activities. The attackers leverage this method to gain unauthorized access and control over victim systems, potentially leading to data breaches and further malware deployment. Security researchers emphasize the importance of downloading software only from official sources and maintaining updated antivirus solutions to mitigate such threats. This incident highlights the evolving tactics of cybercriminals who exploit trusted software brands to bypass security measures and infiltrate networks. Organizations and individuals alike are urged to remain vigilant and implement robust cybersecurity practices to defend against these emerging threats.

This Cyber News was published on thehackernews.com. Publication date: Mon, 10 Nov 2025 01:29:02 +0000

Cyber News related to Trojanized ESET Installers Drop Cobalt Strike Beacons to Target Windows Users

CVE-2022-27167 - Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 ...
3 years ago

CVE-2021-37851 - Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 ...
3 years ago

ESET Launches New Managed Detection and Response Service for Small and Midsize Businesses - PRESS RELEASE. BRATISLAVA/SAN DIEGO - January 17, 2024 - ESET, a global leader in cybersecurity, has announced the launch of ESET MDR, an innovative solution aimed at addressing the evolving cybersecurity challenges faced by SMBs. This new offering ...
2 years ago Darkreading.com

Trojanized ESET Installers Drop Cobalt Strike Beacons to Target Windows Users - A new cyberattack campaign has been uncovered involving trojanized ESET security software installers that deliver Cobalt Strike beacons to Windows users. This sophisticated attack targets users by distributing malicious versions of legitimate ESET ...
3 months ago Thehackernews.com

Malicious use of Cobalt Strike down 80% after crackdown, Fortra says | The Record from Recorded Future News - Microsoft, the Health Information Sharing and Analysis Center (Health-ISAC) and Fortra, which bought Cobalt Strike in 2020, have worked since 2023 to address the longstanding issue of pirated and unlicensed versions of the software being downloaded ...
11 months ago Therecord.media

International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
1 year ago Cybersecuritynews.com

CVE-2020-26941 - A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited ...
5 years ago

Hackers Abuse Cobalt Strike, SQLMap & Other Tools to Target Organizations' Web Applications - These attacks specifically utilize Cobalt Strike, a legitimate adversary simulation tool designed for security professionals, and SQLMap, an open-source utility that automates the detection and exploitation of SQL injection vulnerabilities. The ...
11 months ago Cybersecuritynews.com

Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
1 year ago Securityweek.com

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike - A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. The campaign represents a ...
7 months ago Cybersecuritynews.com

Identifying Misuse of Cobalt Strike Systems - Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA Rules to detect them. The goal is to make it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server ...
3 years ago Ironnet.com

Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
2 years ago Infosecurity-magazine.com

Nitrogen Ransomware Actors Attacking Organization With Cobalt Strike & Erases Log Data - The discovered Cobalt Strike watermark 678358251 has been previously associated with multiple threat actors, including the Black Basta ransomware group, highlighting how attack tools are frequently reused across different criminal operations. Their ...
10 months ago Cybersecuritynews.com Black Basta

ESET APT Activity Report T3 2022 - ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, ...
3 years ago Welivesecurity.com MuddyWater Mustang Panda POLONIUM

ESET Small Business Security offers protection against online fraud, data theft and human error - ESET introduced ESET Small Business Security, which has been specifically designed to meet the cybersecurity needs of Small Office/Home Office business owners. According to the Small Business Administration, out of the 33.3 million small businesses ...
1 year ago Helpnetsecurity.com

Chinese FamousSparrow hackers deploy upgraded malware in attacks - A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization. In the attacks observed by the researchers, ShadowPad was ...
11 months ago Bleepingcomputer.com

Researchers Uncovered SuperShell Payloads & Multiple Tools From Hacker’s Open Directories - The Cobalt Strike beacon, found in a file named ‘test’, utilized different infrastructure than the SuperShell components, connecting to a server disguised with a certificate claiming to represent “jquery.com” with organization ...
10 months ago Cybersecuritynews.com

H2 2023 Threat Landscape Dominated by AI and Android Spyware - The threat landscape has been bustling in the second half of 2023, according to cybersecurity provider ESET. In its Threat Report: H2 2023, the firm recorded many significant cybersecurity incidents between June and November 2023, a period dominated ...
2 years ago Infosecurity-magazine.com

SQL Brute Force leads to Bluesky Ransomware - In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware ...
2 years ago Thedfirreport.com CVE-2023-27350 BianLian

Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over - Prolific Iranian advanced persistent threat group OilRig has repeatedly targeted several Israeli organizations throughout 2022 in cyberattacks that were notable for leveraging a series of custom downloaders that use legitimate Microsoft cloud ...
2 years ago Darkreading.com OilRig

Water Curupira Hackers Launch Pikabot Malware Attack Windows - Pikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which has been paused from June to September 2023 after Qakbot's takedown. The surge in Pikabot phishing campaigns was noted recently ...
2 years ago Gbhackers.com Black Basta

ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware's Prevalence - Cybersecurity company ESET released its H2 2023 threat report, and we're highlighting three particularly interesting topics in it: the abuse of the ChatGPT name by cybercriminals, the rise of the Lumma Stealer malware and the Android SpinOk SDK ...
2 years ago Techrepublic.com

North Korean Hacker Group Kimsuky Deploys New Linux Malware 'Gomir' via Trojanized Software Installers - Kimsuky, linked to North Korea's military intelligence, the Reconnaissance General Bureau, has a history of sophisticated cyber attacks aimed primarily at South Korean entities. In early February 2024, researchers at SW2, a threat intelligence ...
1 year ago Cysecurity.news Kimsuky

400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
1 year ago Darkreading.com

Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
2 years ago Darkreading.com