In a digital environment where threats are relentless, national productive sectors face a critical scenario: an attempted cyber intrusion every minute. Given this reality, analyzed by ESET Venezuela experts during their 7th Technology Breakfast for Journalists, data protection has ceased to be a technical option and has become a priority for economic survival.

Today, efficient risk management and the adoption of global standards are the only barriers capable of preventing a complete business shutdown.

During this high-level meeting, emerging trends that are redefining the protection of digital assets were explored. Special emphasis was placed on how local organizations must adapt their infrastructures in the face of the increase in sophisticated attacks that jeopardize operations and data integrity in an increasingly interconnected and demanding ecosystem.

Michele Flammia, General Manager of ESET Venezuela, welcomed attendees, highlighting the brand’s commitment to digital education and protecting strategic assets against current challenges.

Alarming figures that drive proactive action

Carlos López Rodríguez, the company’s Support and Training Manager, emphasized that cybersecurity must be viewed as an ongoing process: “Prevention and training cost less than stopping an attack once it has begun.” He also emphasized that certifications and work on control frameworks provide a real guarantee to third parties and clients.

For his part, José Luis Rangel, Commercial Manager of ESET, warned about the lack of visibility in the market: “Almost 40 % of companies don’t know if they are currently being compromised or if they were in the past.”

According to experts, a cyberattack occurs worldwide every 39 seconds, making it a statistically more likely threat than a fire. The economic impact of this operational paralysis can be reduced by up to 97% with adequate investment in training and frameworks such as ISO 27001 or NIST.

The human factor and social engineering

Martina López, a cybersecurity researcher at ESET Latin America, highlighted that social engineering remains the primary entry point for criminals. Using techniques like quishing (QR phishing) and dynamic phishing, attackers exploit the sense of urgency and trust of employees. In the country, the most frequently impersonated entities include DocuSign, MetaMask, and the Telegram platform, taking advantage of peak interest in AI tools and the current national situation.

Key recommendations for resilience

To strengthen defenses, specialists suggest three fundamental pillars:

• Tabletop Drills: Practicing crisis scenarios allows for the identification of weaknesses in response protocols before a real disaster occurs.
• Real Certification: Obtaining third-party endorsements that validate international standards provides real trust and security to clients.
• Device Security: Disable notifications on the lock screen to prevent the theft of passwords or credentials and always enable two-factor authentication (2FA).

Cybersecurity requires operational maturity; it is contradictory to fear quantum computing while working with obsolete systems. As López concluded, “training and practicing will always cost less than stopping a cyber intruder’s operation once it has begun.”

Video coverage with more details

For more information, visit the ESET website: https://www.eset.com/ve/. Also, follow them on social media: Instagram (@esetla) and Facebook (ESET).

Through on-site coverage and information from ESET and Comstat Rowland Comunicaciones Estratégicas Integrales

Audiovisual production: Ida Febres

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada ESET Venezuela: A cyberattack occurs every 39 seconds; prevention reduces downtime costs by up to 97 % apareció primero en Bitfinance.

In the prestigious specialized publication Computer Weekly, Venezuelan expert Rafael Núñez Aponte, director of MásQue Seguridad, shares his insightful and high-level opinions on Mythos, the new cyber intelligence that accelerates the IT security cycle.

“There are moments in cybersecurity where it’s not a tool that appears (or emerges), but a change in scale that occurs. Claude Mythos Preview, presented by Anthropic, seems to be one of those moments.”

-It’s not a public product. It’s a contained experiment. According to its official website, it’s a model in the Preview phase, restricted to a closed group of organizations under the Glasswing program. There’s no open release date, and that alone speaks volumes.

“What they describe is technically disruptive. During testing, the model was able to identify previously unknown vulnerabilities in widely used operating systems and browsers. We’re not talking about trivial flaws, and some had gone undetected for years.”

-But the truly relevant aspect isn’t just finding vulnerabilities; it’s the ability to assist in building working exploits. In internal benchmarks, tasks that previously had marginal success rates began to be executed consistently. In some scenarios, even users without advanced security training achieved significant results by interacting with the model.

                                          What they describe is technically disruptive

“For a penetration tester, or in the wrong hands, this means one thing: a radical reduction in attack time. Reconnaissance, correlation, and exploitation — phases that traditionally took days or weeks — can now be iterated in much shorter cycles. Not because the AI ​​attacks on its own, but because it reduces the distance between vulnerability and viable exploitation. That’s the real game-changer.”

But this is where the public narrative falls short. Mythos isn’t just a threat. It’s potentially one of the most advanced defensive tools we’ve ever seen. The same model that can identify exploit paths can also anticipate them, simulate them, and allow them to be corrected before they materialize. That’s precisely the logic behind Glasswing: hardening critical systems before other actors develop equivalent capabilities.

“Cybersecurity has always been asymmetrical. The attacker needs to find a crack, while the defender must cover them all. With Mythos, that asymmetry begins to shrink because now both sides can operate with unprecedented speed.”

“The name isn’t accidental. ‘Mythos,’ in Greek, is the narrative that shapes reality. Not necessarily the truth, but the structure that makes it comprehensible.

Today, in cybersecurity, we’re entering a stage where machines don’t understand like we do, but they generate models of the world coherent enough to act upon it.” And when that happens, the risk is no longer in the tool itself: it lies in who learns to use it first and in whose hands it ultimately ends up,” concludes this article by the specialist.

Brief author bio: Rafael Núñez Aponte is a Venezuelan entrepreneur specializing in cybersecurity, digital reputation, and cyber intelligence. Internationally recognized for his work in ethical hacking and content strategies, he is known for promoting the democratization of digital tools and cybersecurity.

Taken from Computer Weekly / Written by Rafael Núñez Aponte

Reference image source: Steve A Johnson on Unsplash

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Rafael Núñez from Computer Weekly: Mythos, the new cyber intelligence that accelerates the security cycle apareció primero en Bitfinance.

The Gentlemen ransomware attacked more than 250 victims in 17 countries, including Mexico, Colombia, Chile, and Argentina, and represents a new era of customized and ultra-adaptive attacks. Unlike other groups, this Ransomware as a Service (RaaS) studies the specific defenses of its victims and adapts its tools during the campaign to overcome existing controls. ESET, a leading company in proactive threat detection, analyzes the new landscape of ransomware groups and warns how this disciplined, meticulous, and highly methodical organization has disrupted traditional approaches to become one of the most active threats since July 2025.

“It is an emerging Ransomware-as-a-Service group that burst onto the cybercrime scene in mid-2025. Unlike other groups with more sloppy or rustic aesthetics, The Gentlemen stands out for its polished brand identity. It even maintains a leak site on the dark web with a professional logo and a slogan that reinforces its image as a disciplined and highly detail-oriented organization. This professionalism is not merely aesthetic; it is reflected in the precision of its attacks and the technical quality of its tools,” says Martina Lopez, cybersecurity researcher at ESET Latin America.

Their operating model is based on double extortion, a tactic where they not only encrypt the victim’s files to block access, but also exfiltrate confidential data before encryption. Once they possess the information, they threaten to publish it on their leaks site if a ransom is not paid. This strategy puts massive pressure on companies, especially those that cannot afford a public data breach.

A ransomware attack by The Gentlemen typically begins by exploiting exposed internet access points (systems with open administration) or using previously stolen credentials. Once inside, they deploy tools to scan the internal network, understand how the company is organized, and identify users with elevated privileges, especially those with full access to the systems.

To move within the network and escalate the attack, they use tools that allow them to remotely execute actions on multiple computers and modify key configurations. In this way, they manage to distribute the ransomware simultaneously across all connected devices, further weakening security mechanisms to facilitate remote access and control.

In the final stage, they combine two critical actions: first, they steal sensitive information and send it to external servers in encrypted form; second, they lock down systems using encryption. Once the attack is complete, they execute processes designed to erase their tracks: they delete activity logs, remote connections, and any evidence that could allow them to reconstruct what happened, thus hindering subsequent investigations.

Their first documented victim was registered on June 30, 2025, and since then, their activity has not ceased. They have affected critical sectors such as manufacturing, construction, healthcare, insurance, and financial services.

Geographically, their impact is global, but the most affected countries include the United States and Thailand, followed by India, Mexico, Colombia, Spain, and France. This distribution suggests that the group takes advantage of access opportunities wherever they arise, without an apparent geopolitical agenda.

In mid-March 2026, they published on their website the attack on two organizations in Colombia in the healthcare and media sectors. During February, they attacked a government scientific research institute in Argentina, and in March, they claimed responsibility for an attack on an organization in Chile. According to the ransomware.live website, they also reported victims in Brazil, Peru, Ecuador, Venezuela, Guatemala, the Dominican Republic, Costa Rica, and Panama.

ESET provides the following list of recommendations to protect yourself from The Gentlemen ransomware:

• Reduce internet exposure: review which systems are accessible from outside and close any unnecessary access, especially administration panels or remote access.
• Protect credentials: use unique and strong passwords, enable two-factor authentication, and monitor any suspicious logins.
• Keep everything up to date: apply security patches to operating systems, servers, and applications. Many of their intrusions exploit known vulnerabilities.
• Detect anomalous behavior: Implement solutions that allow you to identify unusual activity within the network, such as after-hours access or unexpected remote executions.
• Limit privileges: Not all users need full access. Reducing permissions minimizes the impact if an account is compromised.
• Segment the network: Separating critical systems prevents an attacker from moving freely and compromising the entire infrastructure.
• Perform backups: Carry out regular backups and store them in isolation, verifying that they can be restored correctly.
• Train the team: Human error remains one of the main entry points. Awareness is key.

“In a scenario where attacks are no longer massive but personalized, the question is no longer whether an organization can be targeted, but when. Understanding how groups like The Gentlemen operate is the first step to anticipating a threat that no longer gives warning,” concludes Lopez from ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For useful preventative information, visit https://www.eset.com/ve/ and follow them on social media @eset_ve, Instagram (@esetla), and Facebook (ESET.

Information and images provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada New generation of ransomware targets Latin America with tailored attacks that cause severe damage apareció primero en Bitfinance.

ESET, a leading company in proactive threat detection, announces the launch of Cloud Workload Protection, a new security module designed to protect virtual machines in public cloud environments and extend threat visibility beyond traditional endpoints and servers.

Presented at RSA Conference 2026, this new module allows organizations to integrate cloud workload protection within ESET’s detection and response platform, consolidating the security management of endpoints, servers, and cloud environments into a single console.

“Many companies, especially in the midmarket and managed service providers, are increasingly adopting cloud services like virtual machines to improve their productivity,” says Michal Jankech, Vice President of Enterprise & SMB/MSP at ESET. “With ESET Cloud Workload Protection, we extend our protection to public cloud environments like AWS, Azure, and Google Cloud, reducing the attack surface and providing greater visibility into potential threats.”

The ESET Cloud Workload Protection module protects virtual machines in public cloud environments and integrates telemetry from these systems within the ESET PROTECT XDR platform, enabling security teams to gain broader visibility and respond more efficiently to incidents that may affect both on-premises and cloud infrastructures.

Unlike many solutions on the market that offer cloud workload protection as a standalone product, ESET includes this capability at no additional cost for ESET PROTECT customers (except for the Entry edition).

According to various industry estimates, the average cost of a data breach in public cloud environments can exceed $5 million per incident, reinforcing the need for tools that simplify protection and enable faster response to threats.

Furthermore, the new module maintains ESET’s characteristic focus on providing lightweight and efficient solutions, allowing IT teams to validate security controls and generate evidence of compliance with regulatory standards such as NIST, CIS, HIPAA, and PCI DSS.

AI-Powered Enhancements

Along with the new module, ESET is announcing several enhancements to the ESET PROTECT platform, focused on simplifying incident investigation and improving response capabilities to attacks.

Key new features include:

Advanced AI-powered reporting in ESET LiveGuard Advanced. ESET’s cloud sandboxing technology now includes more detailed behavioral reports on analyzed files. For organizations using subscriptions with XDR capabilities, these reports incorporate AI-generated summaries that help quickly interpret complex findings.

Enhancements to incident investigation for EDR and XDR customers. The platform now offers more comprehensive incident graphs, clearly visualizing how an attack unfolded, identifying the initial entry point, and tracking its evolution over time. New contextual data, such as identity-related information, is also incorporated to accelerate analysis and response processes.

Integration of ESET AI Advisor into the ESET PROTECT console. ESET’s AI-powered assistant is now directly integrated into the management console, providing security teams with easy access to its analysis and recommendation capabilities.

With these new capabilities, ESET continues to expand its security platform to help organizations manage increasingly hybrid and complex environments, combining proactive protection, advanced detection, and investigation tools to enable faster and more efficient responses to modern threats.

In parallel, the company also announced eCrime Reports, a new service within the ESET Threat Intelligence portfolio that offers detailed analysis of real-world incidents related to ransomware and infostealers. These reports include indicators of compromise (IoCs), technical campaign analysis, attack patterns, and recommendations to help security teams anticipate threats and strengthen their defense strategies.

To learn more about ESET solutions, visit: https://www.eset.com/latam/empresas/protect-platform/.

ESET invites you to learn more and delve deeper into cybersecurity by visiting: https://www.welivesecurity.com/es/.

For useful preventative data, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and reference images provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada ESET strengthens cloud security with new AI-powered capabilities apareció primero en Bitfinance.

Interaction with chatbots (ChatGPT, Gemini, Copilot, Claude, Perplexity, among others) has come to be treated as an intimate and secure space. Emotional, psychological, work-related, and medical concerns are entrusted to them. ESET, a leading company in proactive threat detection, analyzes what type of information is typically shared with AI chatbots, how it could be exposed, and what the real impact of a leak could be. Furthermore, they share digital best practices for continuing to use these tools without putting oneself at risk.

“It’s not new that many people use chatbots as if they were private spaces. Using them in this way contradicts the nature of these tools, since the platforms themselves emphasize that conversations can be stored, analyzed, or reviewed to improve the service. Chatbots were not designed as a confidential space, even though the conversational experience might lead one to think otherwise. While the main AI platforms claim to implement security and privacy measures (access controls, monitoring, infrastructure protection), this does not eliminate the risk of data breaches, nor is it synonymous with invulnerability,” highlights Martina Lopez, Cybersecurity Researcher at ESET Latin America.

When using them as personal assistants or even advisors, personal and sensitive information is often shared almost without realizing it. This includes:

• Personal data. Sensitive information such as name, age, city, and country, but also daily habits: where you work, who you live with, and your family composition. This information, combined and in the wrong hands, can be dangerous.
• Work-related information. Driven by the need to “Help me improve this,” many users share internal emails, contracts, reports, presentations, business strategies, campaigns, customer and supplier details, conversations, and support tickets. They also share source code and internal architectures.
• Medical, psychological, or emotional consultations. Chatbots are also perceived by many people as advisors or specialists (a practice that can be dangerous). Health-related issues are shared, such as symptoms, diagnoses, and medications, as well as personal matters like relationship conflicts, grief, questions they wouldn’t ask on other social media platforms, or requests for advice.
• Opinions, beliefs, and sensitive stances. Chatbots receive opinions from users with political or religious ideologies, views on companies, bosses, or colleagues, and also information that, taken out of context, can cause reputational damage.

“The problem isn’t what’s shared, but rather that false sense of intimacy and privacy, which can be shattered very easily. Months of conversations build a profile that can be extremely valuable to a cyberattacker,” adds Lopez from ESET.

The information shared with AI chatbots can be exposed and fall into the hands of cybercriminals for various reasons. The main one is if someone gains access to the account. This can happen by accessing the password, falling victim to a phishing attack, or using the same password for multiple services. Another reason is manipulated chatbots, which can be tricked with malicious prompts by cybercriminals to obtain user information. Furthermore, accepting terms and conditions without reading them is another risk, since chatbots collect and store usage information, such as history and conversations, to train their language model by default. It’s also important to consider potential security breaches, platform errors that expose user conversations and history, or if an extension or app is monitoring too much. For example, if a plugin is installed to enhance the chatbot’s capabilities and that app malfunctions, is vulnerable, or is malicious, the conversation could slip out of the main provider’s control.

The 5 key risks associated with a chatbot leak, according to ESET

1. Identity theft / Social engineering: Chatbot conversations provide human context. Cyberattackers can thus obtain information about habits, interests, routines, services used, problems that transcend these, and even the tone of voice used. This allows for much more personalized attacks, through emails or messages that appear to be written by someone familiar, scams that include real-life details, or identity theft that is much harder to detect.
2. Corporate espionage: Since many users rely on chatbots for work support, attackers can obtain confidential information such as strategies, documents, internal decisions, customer information, and pricing and/or product details. Beyond the legal risks this situation may entail, it can also represent a competitive advantage for third parties or the breach of certain contractual obligations.
3. Reputational damage: If private opinions, professional doubts, or intimate thoughts are exposed, the consequences can range from workplace conflicts to a loss of professional credibility.
4. Exposure of sensitive data: These types of chatbots are also used as a space for intimate consultations and often contain personal information such as symptoms, diagnoses, treatments, religious or political beliefs, and personal or family conflicts. If this information were leaked, the impact on the victim could be devastating: stigmatization, discrimination, and even emotional distress.
5. Extortion: When a cyberattacker has access to private information, they can exert pressure through credible threats and personalized blackmail. The goal? To obtain some kind of financial gain from the victim.

A good way to reduce the impact of exposed conversations is to adopt best practices when interacting with these chatbots. A highly useful preventative checklist

• Do not share personal data (ID number, date of birth, email, phone number) is ESET’s top recommendation.
• Anonymize real-life situations (change names, companies, locations).
• Do not attach sensitive documents, confidential information, or credentials.
• Review privacy settings (what is saved, what is used for training).
• Protect your account with a strong password and two-factor authentication.
• Use different accounts for work and personal use.
• Ask yourself: Would I say this out loud in a room with strangers?

“The comfort of a fluid, natural, and unjudged conversation makes us lower our guard and share information we would never publish in any other digital space. A leak of conversations exposes not only information but also routines, vulnerabilities, decisions, and emotions. However, this scenario should be taken as an invitation to understand what these platforms are and what they are not. They are not confidential spaces, personal advisors, or vaults of sensitive information. They are powerful tools, but like all technology, they require discretion, boundaries, and responsible digital habits,” concludes the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and image provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada What happen if our conversations with AI chatbots are exposed or revealed? apareció primero en Bitfinance.

The research team at ESET, a leading company in proactive threat detection, has discovered the first known Android malware that abuses generative AI in its execution flow to achieve persistence. Since the attackers rely on an AI model (specifically, Google’s Gemini) to guide the malicious manipulation of the user interface, ESET has named this family PromptSpy. The malware can capture data from the lock screen, stop uninstallation attempts, collect device information, take screenshots, record screen activity, and much more. This is the second AI-based malware discovered by ESET Research, following PromptLock in August 2025, the first known case of AI-driven ransomware.

This is information of general technological interest in the field of cybersecurity, and of course, an important finding for all Android users in particular.

Key points of the ESET research

• PromptSpy is the first known Android malware that uses generative AI in its execution.
• PromptSpy uses Google’s Gemini algorithm to interpret the elements displayed on the compromised device’s screen and provide instructions on how to perform various actions to remain in the recent apps list.
• The primary goal is to deploy a Virtual Network Computing (VNC) module on the victim’s device, allowing attackers to view the screen and perform actions remotely.
• PromptSpy can capture lock screen data, prevent uninstallation, gather device information, take screenshots, record screen activity, and perform other malicious activities.

This time, while generative AI is used in a portion of the code responsible for achieving persistence, it has a significant impact on the malware’s adaptability. Specifically, Gemini is used to analyze the current screen and provide PromptSpy with instructions on how to ensure the malicious application remains in the recent apps list, preventing the system from easily removing it. The AI ​​model and prompt are predefined in the code and cannot be modified.

“The use of generative AI allows malicious actors to adapt to virtually any device, design, or version of the Android operating system, which can greatly expand the number of potential victims,” says Lukáš Štefanko, the ESET researcher who discovered PromptSpy. “The main objective of this malware is to deploy an embedded VNC module, which gives operators remote access to the victim’s device,” Štefanko adds.

PromptSpy is distributed through a specific website and has never been available on Google Play

The expert and researcher elaborates that, based on linguistic localization clues and distribution vectors observed during the analysis, this campaign appears to be financially motivated and primarily targeting users in Argentina.

PromptSpy is distributed through a specific website and has never been available on Google Play. However, as a partner of the App Defense Alliance, ESET shared the findings with Google. Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services.

Given that the app’s name is MorganArg and its icon appears to be inspired by Morgan Chase, the malware is likely trying to impersonate Morgan Chase bank. MorganArg, almost certainly an abbreviation of “Morgan Argentina,” also appears as the name of the cached website, suggesting a regional focus.

PromptSpy blocks uninstallation by overlaying invisible elements on the screen. The only way for the victim to remove it is to restart the device in safe mode, where third-party apps are disabled and can be uninstalled normally. To enter safe mode, users typically have to press and hold the power button, press and hold “Power off,” and confirm the “Reboot to safe mode” message (although the exact method may vary depending on the device and manufacturer).

Once the phone restarts in safe mode, the user can go to Settings → Applications → MorganArg and uninstall it without interference.

“Although PromptSpy only uses Gemini in one of its functions, it still demonstrates how the implementation of these tools can make malware more dynamic, providing malicious actors with ways to automate actions that would normally be more difficult with traditional scripts,” says Štefanko of ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram  (@esetla) and Facebook (ESET).

Information and image provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada ESET discovery: First Android threat using generative AI apareció primero en Bitfinance.

Credential theft is a threat that has been plaguing the world for over a decade. In Latin America, it is growing steadily in tandem with digitalization and the rise in online fraud. Last year alone, more than 2.6 million credentials were compromised in the region, according to a 2025 SOCRadar report.

This material is of educational interest to both advanced and frequent users, as well as basic and occasional users, and we should pay attention to it. It may be useful to archive and preserve it. Keep in mind that all countries and internet users have some degree of vulnerability and are therefore at risk. No one is immune to this risk; we must act preventively to reduce or mitigate it.

ESET, a leading company in proactive threat detection, warns that access to an email account allows attackers to access banking services, corporate platforms, financial information, and even medical records.

The ways cybercriminals obtain user passwords vary in difficulty and technical expertise. ESET categorizes them into three methodologies: those that exploit social engineering techniques, those that use malware, and those that result from an attack on the organization that should be protecting them.

What methodologies do hackers use?

1.Social Engineering Techniques:

This method falsely uses the names of public entities or well-known companies to lower suspicion and increase the effectiveness of attacks. The most common method is sending emails or messaging applications in which the attacker impersonates a legitimate entity to deceive the victim and persuade them to voluntarily hand over their login credentials.

These messages share a common characteristic: they appeal to urgency and simulate a notification of a problem requiring immediate action: account issues, a rejected payment, problems with a reservation, among countless other excuses. They often contain a malicious link to sites that mimic legitimate ones to steal victims’ sensitive data, such as passwords and usernames.

Another form phishing takes is through fake websites that rank highly in search engine results like Google with sponsored ads, because the attacker pays for visibility to impersonate real pages. In these scenarios, even cautious people can be tricked into clicking on a seemingly legitimate result that replicates the visual identity of banks, email platforms, cloud services, or reputable companies.

2.Distribution of specific malware:

Another common way to steal passwords is through the use of malware, which activates once the user’s device has been compromised. In these cases, ESET explains, there is no specific deception or alert message; instead, the theft occurs in the background, often without the victim noticing.

Infostealers, keyloggers, and spyware all share the common characteristic of continuously collecting sensitive information, including passwords stored in browsers, autofill data, application credentials, and active sessions. The impact of these types of malware is not limited to a single account, as the malicious program continues to collect credentials as long as the user uses the infected device, ESET points out.

Within this same ecosystem, banking Trojans emerge, specifically targeting login credentials for bank accounts and financial platforms. Through fake windows, they capture data the moment the user enters it. This type of threat, not new to the region, exceeded 650,000 unique detections in 2025, 110,000 of which belonged to a single family: Guildma.

3.Attacks on organizations:

Another significant source of credential theft is incidents where an organization’s databases are exposed due to a weakness or failure in its systems. In the most critical scenarios, leaks include complete credentials, either in plain text or with weak security mechanisms, allowing attackers to reuse them immediately. However, even when passwords are not directly exposed, leaked emails or usernames remain valuable to malicious actors. This information is then used as the basis for credential stuffing or brute-force attacks, exploiting the reuse of passwords across different services.

Once a database is compromised, the information can circulate for years in underground forums and be reused in different contexts and against multiple platforms. In this way, a single breach in one organization ends up amplifying the risk for other companies and for users themselves, even long after the original incident has been fixed.

“There are also brute-force threats. These consist of automatically trying multiple username and password combinations until successful access is achieved, without needing to deceive the user or compromise their device beforehand. They typically rely on lists of common passwords or credentials leaked in previous incidents, taking advantage of password reuse and the lack of additional authentication controls. When exposed services lack mechanisms to limit login attempts or adequate monitoring, this type of attack remains effective, especially against remote access, web applications, and corporate services published on the internet,” comments Martina López, Cybersecurity Researcher at ESET Latin America.

It is advisable to combine and add best practices with preventative measures

Credential theft by cybercriminals can occur through various vectors. The ESET research team maintains that prevention does not depend on taking a single measure, but rather on a combination of practices:

• Use unique and strong passwords for each service, since credential stuffing is common among cyberattackers using credentials that are sold commercially.
• Enable multifactor authentication whenever possible, as this mechanism complements and strengthens the passwords you use.
• Be wary of unexpected messages and avoid downloading files or clicking on suspicious links, as malware and phishing remain the most common ways credentials are stolen.
• Store passwords in password managers and avoid saving them in plain text or on shared devices.
• Keep systems and applications updated to patch any vulnerabilities.
• Review unusual access and activity on your accounts, either by keeping login alerts enabled or by checking the privacy or access settings of your applications.

In the event that a password has already been stolen, ESET emphasizes that reaction time makes the difference between an isolated incident and a major problem. Therefore, they recommend:

• Change the affected passwords and any others where the same credentials were used.
• Close active sessions on the affected account and revoke recent access in services and applications where possible.
• Check for unauthorized changes to accounts and monitor for future changes to messages, settings, payments, and other data.
• Use a security tool on potentially affected devices to remove any malicious code.

“While password theft is not a new problem, it continues to grow and adapt to new technologies, along with our increasingly complex digital lives. In this context, digital literacy and best practices become essential to protect our identity, information, and devices at both the individual and corporate levels. Staying informed is vital to staying ahead of the latest cybersecurity trends,” concludes López from ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at:  https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and images provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Recommendations to reduce credential theft: This digital risk is very common in Latin America apareció primero en Bitfinance.

Last November, the UK’s Security Service alerted members of Parliament about a foreign intelligence-gathering scheme: two LinkedIn profiles were contacting people working in British politics to request “insider information.” The MI5 revelations triggered a £170 million ($230 million) government initiative to address espionage threats against Parliament. While this is a high-profile case, ESET, a leading company in proactive threat detection, states that it is far from the first or only one. The site could also be a veritable treasure trove of corporate data that could be maliciously used to support fraud or threat campaigns.

Therefore, it is important to learn from this analysis and valuable professional opinion provided by ESET.

LinkedIn has amassed over one billion members worldwide since its founding in 2003. This represents a vast pool of potential targets for state-backed or financially motivated threat actors. Firstly, it is an extraordinary source of information where malicious actors can discover the roles and responsibilities of key individuals within a target company and reconstruct or reshape the relationships between individuals and projects they might be working on. Furthermore, it provides credibility and cover because, as a professional network, it is frequented by both high-level executives and lower-level employees, and it is a context in which a victim is more likely to open a direct message or InMail from someone on the platform than an unsolicited email.

On the other hand, it bypasses “traditional” security because there is no guarantee that phishing messages, malware, or spam won’t get through; and due to the site’s perceived credibility, target users may be more likely to click on malicious content. Finally, it’s easy to start operating; anyone can create a profile and begin lurking on the site to gather intelligence or send phishing messages and Business Enforcement (BEC) scams. Furthermore, attackers can hijack existing accounts or create fake identities before posing as candidates and recruiters for positions and jobs. The large number of compromised credentials circulating on cybercrime forums (due in part to infostealers) makes this relatively easy.

There are several ways threat actors can operationalize their malicious campaigns:

• Phishing and spearphishing: By using the information users share in their profiles, attackers can customize phishing campaigns (fake emails) to increase their success rate.
• Direct attacks: Contact can be made directly through malicious links designed to deploy malware, such as infostealers, or promote fake job offers intended to steal credentials.
• BEC: Similar to phishing, LinkedIn provides a wealth of intelligence that can be used to make Business Email Compromise attacks appear more convincing. It can help scammers identify who reports to whom, what projects they are working on, and the names of partners or suppliers.
• Deepfakes: LinkedIn can also host videos of targeted individuals, which can be used to create deepfakes and employ them in subsequent phishing, BEC, or social media scams.
• Account hijacking: Fake LinkedIn pages (phishing), infostealers, credential stuffing, and other techniques can help attackers take control of user accounts. These hijacked accounts can then be used in subsequent attacks targeting their contacts.
• Attacks on suppliers: LinkedIn can also be tracked for information about partners of a target company, who would also be targeted with phishing as part of a malicious “domino effect” strategy.

“The challenge posed by threats on LinkedIn is that IT departments find it difficult to obtain accurate information about the extent of the risk their employees face, and the tactics used to attack them. However, it makes sense to include LinkedIn threat scenarios like those described above in security awareness training courses. Employees should also be warned about the risk of oversharing information on the platform and given guidance on how to detect fake accounts and typical phishing lures,” says Mario Micucci, Cybersecurity Researcher at ESET Latin America.

ESET provides information on various threat groups that have used some of these tactics

• The Lazarus Group (North Korea) has posed as recruiters on LinkedIn to install malware on the computers of people working at an aerospace company, according to ESET Research. In fact, the research team also recently described the “Wagemole” campaigns, in which individuals aligned with North Korea attempt to obtain employment at foreign companies.
• ScatteredSpider contacted MGM’s help desk, impersonating an employee whose identity they obtained from LinkedIn, in order to gain access to the organization. The subsequent ransomware attack resulted in losses of $100 million.
• A spearphishing campaign called “Ducktail” targeted marketing and human resources professionals on LinkedIn, delivering malware and stealing information through links sent via direct message. The malware was hosted in the cloud.

Prevention

“To prevent account hijacking, a policy of regularly updating patches should be followed, security software should be installed on all devices (from a trusted vendor), and multifactor authentication should be enabled. Additionally, in corporate environments, it may be worthwhile to organize specific training sessions for executives, who are often the most frequent targets of attacks. Above all, ensure that the team is aware that, even on a network considered trustworthy like LinkedIn, not everyone acts in good faith or in their best interest,” recommends the ESET researcher.

ESET invites you to learn more about cybersecurity by visiting:  https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela at: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla)  and Facebook (ESET).

Information and image provided by ESET

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Malicious actors hunt and manipulate on the important LinkedIn network; we must protect ourselves apareció primero en Bitfinance.

For cybercriminals, information represents money, an access point, and also a tool for committing new crimes. This is why personal and sensitive or private data, such as full names, contact information, credit card numbers and banking credentials, health data, social media and service login credentials, among others, have become one of the most coveted targets for malicious actors. ESET, a leading international company in proactive threat detection, analyzes what cybercriminals do once they obtain stolen information.

Most common actions

Selling it on underground forums: One of the main benefits cybercriminals derive from stolen information is simply money. Personal data has significant value for the criminal ecosystem. They primarily sell it on underground forums and Dark Web marketplaces, where personal data, login credentials, banking and financial information, corporate passwords, and any other sensitive information are sought after by other cybercriminals for use in various illegal activities.

Other crimes

• Identity theft: The more information cybercriminals obtain about a person, the more tools they have to create a fake digital profile and thus scam their contacts or commit cybercrimes in their name. • Financial fraud: Certain personal data facilitates access to financial resources, allowing cybercriminals to obtain illicit gains. This can range from making purchases to applying for credit cards.
• Personalized phishing attacks: Stolen information allows cybercriminals to create much more credible and targeted phishing emails. Data such as the victim’s work email address or the company where they work can lend a false sense of authenticity to an email with malicious intent.
• Extortion of victims: Information is a very powerful tool that, in the wrong hands, can be used for extortion and blackmail. Cybercriminals often use it to pressure their victims, from a concrete threat to making confidential data public, selling it to competitors, or simply causing reputational damage. In most of these cases, their goal is to obtain money.
• Espionage and sabotage: In the business or government sector, a simple stolen password can be the gateway to internal networks, critical infrastructure, and even confidential information belonging to clients, suppliers, allies, or business partners—and that’s just the beginning.

In contrast to the points mentioned above, in these cases the objective is not monetary, but rather to spy undetected, accessing networks, emails, and internal communications, altering production or logistics processes, and even deleting, modifying, or corrupting key information.

In this context, it becomes essential to take concrete actions to protect sensitive and confidential data, whether personal, corporate, or institutional.

ESET Latin America shares recommendations to significantly reduce the risk of data being exposed or falling into the wrong hands

• Protect your information: avoid sharing personal data online.
• Use strong passwords: they should be robust and unique for each account.
• Activate two-factor authentication on every account that allows it.
• Keep both devices and software up to date.
• Have a robust and reliable security solution.
• Stay up-to-date on the latest cybersecurity news.

For other useful data and preventative information, visit https://www.eset.com/ve/and follow them on social media @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Information and image provided by ESET and Comstat Rowland       

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram

La entrada Let’s reduce risks: How cybercriminals use stolen information apareció primero en Bitfinance.

In Latin America, the mobile landscape has very clear characteristics. The region concentrates many malware detections for Android, focusing on Mexico and Brazil, according to the latest ESET Threat Report. Unlike more northerly regions or Europe, Android is the most prevalent operating system by a significant margin. In line with what ESET, a leading company in proactive threat detection, observes globally, the phone is the primary device for most people, and recent devices coexist with models that no longer receive updates. According to the research group, this mix of high dependency, fragmentation, and outdated versions creates an environment where many malicious codes find space to proliferate. This is an issue we should all be aware of, whether we are basic and occasional users or advanced and active ones.

“In addition, many of the most effective distribution channels remain fully operational in the region. SMS or messaging campaigns with direct links, modified APKs shared outside of official stores, and applications that manage to enter legitimate stores with very few reviews or signs of real activity continue to be key vectors. This ecosystem facilitates both the circulation of known malware families and the constant emergence of new or unsophisticated variants that still manage to gain traction,” comments Martina Lopez, Cybersecurity Researcher at ESET Latin America.

ESET analyzes the 3 most frequently detected malware families in the region during 2025

Trojan.Android/Exploit.CVE-2012-6636: An old vulnerability that remains present in the mobile ecosystem because many Android applications continue to use legacy components. The flaw affects apps that use WebView with an insecure configuration and that were compiled with versions prior to Android 4.2. Even if the device is modern, the application may retain this vulnerable behavior. In this context, a malicious webpage loaded within the WebView itself can interact with the app’s internal code in ways that should not be possible, opening the door to the execution of unauthorized actions.

In the current mobile threat landscape, this exploit is not usually the focus of complex campaigns, but it does appear embedded in APKs distributed outside of official app stores or present in applications that no longer receive updates. Publicly available exploits exist for CVE-2012-6636, including modules embedded in frameworks like Metasploit, making it easy for malicious actors to use. Furthermore, it was reported as one of the most prevalent Android exploits in 2023, according to the ESET Security Report 2024.

Trojan.Android/Exploit.Lotoor: This is a family of privilege escalation exploits used for over a decade to gain root access on Android devices. It encompasses a set of techniques that abuse operating system vulnerabilities in various early versions of Android, especially flaws discovered between 2010 and 2013. Under this umbrella are exploits that take advantage of errors in drivers, system services, or memory management, allowing code to be executed with privileges higher than those of the application.

Its modules continue to reappear within malicious tools that seek to activate advanced functions such as uninstalling security apps, modifying internal configurations, or installing additional payloads. This is not the first time the research team has observed Lotoor in the top spots.

Trojan.Android/Pandora: This is malicious code linked to a variant of Mirai adapted for the Android ecosystem. It was first observed in 2023 within popular streaming applications in the region, especially on Android TV boxes and sticks commonly used to access unofficial content. In these cases, attackers distribute APKs that function as legitimate streaming apps but include a malicious component capable of turning the device into part of a botnet. In some models, modified firmware was even detected that came infected from the factory, amplifying the reach of the attack.

Once installed, Pandora maintains communication with a command and control server, receives instructions, and executes the typical capabilities of a Mirai-based botnet, with the focus on launching distributed denial-of-service attacks.

“This 2025 outlook shows us that Android threats continue to rely on well-known vectors and the lack of device and application updates, which keeps exploits and vulnerabilities that have been circulating for years alive. Even so, this doesn’t mean the risk is limited to the usual suspects. Less widespread, but equally relevant, threats also persist, such as banking trojans or fraudulent lending apps, which operate in a much more targeted way and seek a direct impact on the user’s finances. And, in parallel, emerging threats and increasingly innovative techniques are appearing, such as malware capable of cloning cards via NFC, reflecting a constantly evolving mobile ecosystem with a growing level of sophistication,” concludes Lopez from ESET Latin America.

In this context, protecting information and devices from these threats becomes vital.

ESET shares the following tips to avoid becoming a victim

• Keep your device updated and don’t use older versions of Android if an update is available.
• Install applications only from official stores or verified sources.
• Avoid APKs from unknown sources, even if they promise “premium” features or free content.
• Check permissions, developer activity, and the actual number of reviews before installing an app.
• Use reliable security solutions that detect exploits, Trojans, and anomalous behavior.
• Avoid disabling system protections and prevent the installation of unknown apps.
• Be wary of messages, links, or ads that promise quick access, discounts, or special features.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventative information, also available in Venezuela: https://www.eset.com/ve/, and on their social media channels @eset_ve. Also on Instagram (@esetla) and Facebook (ESET).

Bitfinance.news

(With information and images provided by ESET and Comstat Rowland)

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Cybersecurity: The malware that most attacked Android smartphones apareció primero en Bitfinance.