
InedibleOchotense ESET-impersonation phishing campaign with trojanized installers

Campaign
Happening score (H score): 52
1 unique source, 1 article

Summary


A Russia-aligned campaign by InedibleOchotense sent ESET-branded spear-phishing lures to multiple Ukrainian entities, creating a malware-delivery risk. The operation used email and Signal messages to push links to a trojanized ESET installer. It exploited ESET's brand reputation and the company's widespread use in Ukraine to increase the chance of successful installs.

Related Happenings

Webworm expanded European government and South Africa university espionage campaign

Campaign
First: 20.05.2026 14:30 Last: 20.05.2026 14:30 Sources 1

About this happening: Webworm expanded its **2025 espionage campaign** into **European government organizations** and a **university in South Africa**, widening the cross-region targeting risk. The ope...

Dragon Boss Solutions LLC adware malicious update

Malware Activity
First: 16.04.2026 22:07 Last: 16.04.2026 22:07 Sources 1

About this happening: A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...

RomCom SocGholish delivery chain for Mythic Agent

Malware Activity
First: 26.11.2025 10:28 Last: 26.11.2025 10:28 Sources 1

About this happening: The **RomCom** malware family was newly observed being delivered through **SocGholish/FakeUpdates**, adding a fresh infection path that can push multiple payloads and increase pos...

InedibleOchotense spear phishing campaign impersonating ESET

Campaign
First: 07.11.2025 14:20 Last: 07.11.2025 14:20 Sources 1

About this happening: The **InedibleOchotense** spear phishing campaign impersonating **ESET** delivered a **trojanized installer** and **Kalambur backdoor**, creating a direct infection risk for targe...

Kalambur (aka SUMBUR) trojanized ESET installer backdoor deployment

Malware Activity
First: 06.11.2025 17:31 Last: 06.11.2025 17:31 Sources 1

How related: The installer is designed to deliver the legitimate ESET AV Remover, alongside a variant of a C# backdoor dubbed Kalambur (aka SUMBUR), which uses the Tor anonymity network for command-and-control. It's also capable of dropping OpenSSH and enabling remote access via the Remote Desktop Protocol (RDP) on port 3389.

About this happening: **Kalambur (aka SUMBUR)** was delivered through a **trojanized ESET installer**, creating a **backdoor deployment** that can open remote access on victim systems. The malware used...

Timeline

  1. 06.11.2025 17:31 2 articles · 6mo ago

    InedibleOchotense ESET-impersonation phishing campaign with trojanized installers

    Initial Disclosure

    In **May 2025**, InedibleOchotense began sending **ESET impersonation** lures by **email** and **Signal** to Ukrainian entities. The initial lure pointed to a **trojanized installer** intended to trigger malware execution and follow-on access.
