Hackers have breached Comsecure, ESET’s exclusive partner in Israel, to send phishing emails to local businesses, delivering destructive data wipers disguised as antivirus software.
This phishing campaign, which began on October 8th, used the legitimate eset.co.il domain to send emails branded with ESET’s logo, tricking recipients into believing the messages were authentic.
We are aware of a security incident which affected our partner company in Israel last week. Based on our initial investigation, a limited malicious email campaign was blocked within ten minutes. ESET technology is blocking the threat and our customers are secure. ESET was not…
— ESET Research (@ESETresearch) October 18, 2024
A data wiper is a type of malware designed to delete files on a computer and corrupt partition tables, making data recovery extremely difficult. In this case, the phishing emails pretended to be from ESET’s “Advanced Threat Defense Team,” warning recipients that state-sponsored attackers were targeting their devices. The emails urged users to download a tool called “ESET Unleashed,” which was advertised as an advanced antivirus solution for protection.
The emails appeared highly credible, passing the SPF, DKIM, and DMARC authentication checks. The malicious software was hosted on the legitimate eset.co.il domain, which made the attack look even more genuine. The ZIP archive linked in the phishing email contained digitally signed DLL files from ESET’s legitimate antivirus software, but the Setup.exe file within the archive was actually a malicious data wiper.
While the phishing emails were sent from legitimate ESET Israel servers, ESET confirmed that the domain is operated by Comsecure, their distributor in Israel. It remains unclear how Comsecure’s email server was compromised, and the company has not yet responded to inquiries from BleepingComputer.
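A triage check for archives like the one described above, where signed DLLs sat beside a malicious Setup.exe: it reports each PE file that has no Authenticode certificate table, so signed neighbours cannot vouch for it. This is an added example, not code from ESET or from the reporting; the sample archive is constructed, and treating its Setup.exe as unsigned is an assumption the article does not confirm.

```python
import io, struct, zipfile

SECURITY_DIR = 4  # data-directory index of the Authenticode certificate table

def has_cert_table(data):
    """None if data is not a PE header; else True/False for a certificate table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    opt = pe + 24                                     # past "PE\0\0" + COFF header
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < opt + 2:
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    skip = {0x10B: 96, 0x20B: 112}.get(magic)         # PE32 / PE32+ fixed fields
    if skip is None or len(data) < opt + skip + (SECURITY_DIR + 1) * 8:
        return None
    if struct.unpack_from("<I", data, opt + skip - 4)[0] <= SECURITY_DIR:
        return False                                  # directory list too short
    offset, size = struct.unpack_from("<II", data, opt + skip + SECURITY_DIR * 8)
    return offset != 0 and size != 0

def unsigned_executables(zip_bytes):
    """Names of PE files in the archive that carry no certificate table."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(4096)                  # headers only, never the full file
            if has_cert_table(head) is False:
                flagged.append(info.filename)
    return flagged

def sample_pe(signed):
    """Constructed minimal PE32 header for the demo; not a real binary."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    if signed:
        struct.pack_into("<II", dirs, SECURITY_DIR * 8, 0x400, 0x100)
    return dos + b"PE\0\0" + bytes(20) + opt + bytes(dirs)

def sample_archive():
    """Constructed ZIP; the unsigned Setup.exe is an assumption, see lead-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, signed in (("a.dll", True), ("b.dll", True), ("Setup.exe", False)):
            zf.writestr(name, sample_pe(signed))
    return buf.getvalue()
```

A certificate table only shows that a signature is present; verifying it and checking the signer still requires a tool such as signtool or Get-AuthenticodeSignature.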
Bijay Pokharel