Antivirus provider ESET says a hacker was able to breach a company partner in Israel and send phishing emails to customers posing as the ESET brand.
The hack came to light after a user posted about receiving a suspicious email on Oct. 8th from the address “[email protected],” warning about “government-backed attackers” trying to compromise their computer.
“Your device has been identified among a list of devices currently being targeted by a state-backed threat actor,” the seemingly legitimate email said. To protect the user, the message contained a link to download an “ESET Unleashed program” designed to counter elite hackers.
But it turns out the link in the email actually tricked users into downloading malware, which was also hosted on the “backend.store.eset.co.il” domain. The security researcher Kevin Beaumont was able to analyze the malware and found it can wipe all data on a Windows PC.
“Okay… I think ESET Israel got compromised a few weeks ago and they haven’t told people,” Beaumont added in a post on Mastodon.
In response, ESET on Friday took to social media to confirm the hack. However, the antivirus provider is also distancing itself from the breach. Instead, ESET, which is based in Slovakia, has been pointing out its Israeli business actually goes through a third-party company called Comsecure.
“You’ll have to reach out to Comsecure, ESET’s Israel distributor who was impacted, for additional details (about the hack),” an ESET spokesperson told PCMag.
Comsecure wasn’t available over email or phone on Friday, making it unclear how many users may have been targeted. In the meantime, ESET’s post on social media says: “Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not compromised and is working closely with its partner to further investigate and we continue to monitor the situation.”
Meanwhile, Beaumont said he suspects the phishing email may have come from a pro-Palestinian hacktivist group known as Handala, citing use of the wiper malware.