See full agenda Tue Oct 7 / 10:40 AM - 11:05 AM CEST

From inbox to exfiltration: Tracking threat actors behind infostealer campaigns

eCrime remains a fast-shifting threat in today’s cybersecurity landscape. At the heart of this ecosystem is the malware-as-a-service (MaaS) model, which has made it easier than ever for cybercriminals to launch full-scale attacks. From cryptors and payloads to admin panels and ready-made infrastructure, tools for the entire attack chain are now available for purchase.

In this session, we explore how this model fuels the distribution of popular infostealer families such as SnakeStealer and PureLogs, along with various cryptors like ModiLoader. We will also examine how these tools are developed, operated, and sold, and how they are deployed in real-world spear-phishing campaigns. Drawing on insights from ESET’s unique eCrime research, we will demonstrate how these campaigns can be tracked, clustered, and attributed to specific threat actors – and show how, in some cases, even legitimate but compromised infrastructure is abused to support these operations.

research

12. Jakub Kaloc - Malware Researcher

Jakub Kaloc Malware Researcher

See full agenda

ESET, spol. s.r.o. takes data protection very seriously. All information collected through this website is processed for marketing purposes only. I understand I can opt out at any time.

Terms of Use

These Terms of Use (hereinafter referred to as "Terms") constitute a special agreement between ESET, spol. s r. o., having its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number: 31 333 535 (hereinafter referred to as "ESET" or "Provider") and you, a natural person or legal entity (hereinafter referred to as "You" or "User”) who accesses the service (as defined bellow) through this website governed by the Terms. If you use the service on behalf of an organization, then you agree to these Terms for that organization and guarantee that you have the authority to bind that organization to these Terms. In that case You and User will refer to that organization. Read the Terms carefully, they relate also to service provided by ESET through or in relation to this website.

Description of Service

Through this website, ESET provides you with access to a variety of resources, including live video streams for uploaded videos, files and other materials (hereinafter referred to as "Service"). The Service, including any updates, enhancements, new features, and/or the addition of any new Web properties, are subject to the Terms. The Service is available exclusively to the registered visitors.

The Service requires you to register for the event, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form.

ESET reserves the right to decline your registration at its sole discretion.

Furthermore, you are entirely responsible for any and all activities that occur under your registration. You agree to notify ESET immediately of any unauthorized use of your account or any other breach of security. ESET will not be liable for any loss that you may incur as a result of someone else using your unique link, either with or without your knowledge. However, you could be held liable for losses incurred by ESET or another party due to someone else using your unique link. You may not use anyone else's account at any time, without the permission of the account holder.

Details about privacy, personal data protection and rights as a data subject can be found in Privacy Policy.

Electronic Communication

ESET will communicate with You electronically in the course of performing activities presumed by these Terms, including in the course of provision of Services, account or our website. We may send You emails, notifications via your account or post the communication on our website. You agree to receive legal communications from ESET in electronic form, including any communications on change in Terms or Privacy Policies, any contract proposal/acceptance or invitations to treat, notices or other legal communications and that such electronic communication shall be deemed as received in writing, unless a different form of communication is specifically required by applicable laws.

Usage Limitations

As a condition of your use of the Service, you will not use the Service for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the Service in any manner that could damage, disable, overburden, or impair any ESET server, or the network(s) connected to any ESET server, or interfere with any other party's use and enjoyment of any Services. You may not attempt to gain unauthorized access to any Services, other accounts, computer systems or networks connected to any ESET server or to any of the Service, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Service.

Disclaimers

AS THE USER, YOU HEREBY ACKNOWLEDGE THAT THE SERVICE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. NEITHER THE PROVIDER, ITS LICENSORS OR AFFILIATES, NOR THE COPYRIGHT HOLDERS MAKE ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT SERVICE WILL NOT INFRINGE ANY THIRD PARTY’S PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THE PROVIDER OR ANY OTHER PARTY MAKE NO GUARANTEE THAT THE FUNCTIONS CONTAINED IN SERVICE WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. YOU ASSUME ALL RESPONSIBILITY AND RISK FOR THE SELECTION AND USE OF SERVICE TO ACHIEVE YOUR INTENDED RESULTS AND FOR THE RESULTS OBTAINED FROM IT.

No other obligations. The Terms create no obligations on the part of the Provider and its licensors other than as specifically set forth herein.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE PROVIDER, ITS EMPLOYEES OR LICENSORS BE LIABLE FOR ANY LOST PROFITS, REVENUE, SALES, DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, PROPERTY DAMAGE, PERSONAL INJURY, INTERRUPTION OF BUSINESS, LOSS OF BUSINESS INFORMATION OR FOR ANY SPECIAL, DIRECT, INDIRECT, INCIDENTAL, ECONOMIC, COVER, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT, TORT, NEGLIGENCE OR OTHER THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THE SERVICE, EVEN IF THE PROVIDER OR ITS LICENSORS OR AFFILIATES ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME COUNTRIES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF LIABILITY, BUT MAY ALLOW LIABILITY TO BE LIMITED, IN SUCH CASES THE LIABILITY OF THE PROVIDER, ITS EMPLOYEES OR LICENSORS OR AFFILIATES SHALL BE LIMITED TO THE SUM THAT YOU PAID TO PROVIDER.

Copyright and Legal Information

ESET or its respective suppliers are owners or holders of copyright or other intellectual property rights to any other content available on the website, such as any text, documents, images, logos, icons, buttons or databases (“content”). ESET and its suppliers reserve all rights not explicitly granted to You in the Terms.

Governing Law and Language

The Terms shall be governed by and construed in accordance with Slovak law. You and ESET agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with ESET or relating in any way to Your use of the Software resides in District Court Bratislava I, Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I in connection with any such dispute or claim.

In the case of discrepancies between the language versions the English version shall always prevail as the English version is deemed original.

General provisions

ESET reserves the right to make changes to our Services as well as to revise these Terms, Privacy Policy or any portion thereof at any time by updating the relevant document (i) to reflect changes to the Services or website or in how ESET does the business, (ii) for legal, regulatory or security reasons, or (iii) to prevent abuse or harm. You will be notified by way of web site. If you disagree with the changes to the Terms, you may cancel your registration. Unless you cancel your registration, you are bound by any amendments or revisions of the Terms. You are encouraged to periodically visit this page to review the current Terms that apply to your use of web site and Services.

Notices

All notices must be delivered to: ESET, spol. s r. o., Einsteinova 24, 851 01 Bratislava, Slovak Republic.