Jozsef is a system programmer whose interest in computer viruses began after his first PC was infected. That experience led him into cybersecurity in 2005 at a small antivirus company, where he spent three years analyzing malware. He later gained international experience working at larger companies in Spain and Ireland, expanding his expertise in low-level systems, software internals and cybersecurity. Over the years, he has built strong skills in reverse engineering, debugging, and static code analysis. Driven by curiosity, he joined Acronis in 2024 as part of its security research team. After gaining a strong foundation, Jozsef sought out new challenges and international experience, working at larger companies in Spain and Ireland. These roles broadened his technical exposure and helped him develop a solid understanding of low-level systems, software internals and the broader cybersecurity landscape. Over the years, he has built extensive expertise in reverse engineering, debugging and static code analysis. Jozsef has always been driven by curiosity — disassembling binaries, analyzing threats and understanding how things work under the hood. He joined Acronis in 2024, where he continues to grow as part of a talented security team.
The Acronis TRU team identified a threat cluster leveraging a customized Adwind (Java RAT) variant with polymorphic characteristics to deliver a ransomware module, tracked as ‘JanaWare.' Analysis of malware samples, infrastructure and telemetry indicates the campaign is likely focused on Turkish users.
Acronis Threat Research Unit (TRU) has been tracking Transparent Tribe, also known as APT36, and has uncovered a campaign that stands out for its use of startup-oriented, themed lure material delivered via an ISO container-based file.
In a newly identified campaign, internally referred to as Boto Cor-de-Rosa, our researchers discovered that Astaroth now exploits WhatsApp Web as part of its propagation strategy.
Acronis Threat Research Unit (TRU) observed a global malvertising / SEO campaign, tracked as “TamperedChef.” It delivers legitimate-looking installers that disguise as common applications to trick users into installing them, establish persistence and deliver obfuscated JavaScript payloads for remote access and control.
The Acronis Threat Research Unit (TRU) uncovered a new malware campaign involving Leet Stealer, RMC Stealer (a modified version of Leet Stealer) and Sniffer Stealer.
The Acronis Threat Research Unit (TRU) identified an ongoing malware campaign named Shadow Vector that is actively targeting users in Colombia through malicious SVG files masquerading as urgent court notifications.
Acronis Threat Research Unit (TRU) uncovered a new SideWinder APT campaign targeting high-level government institutions in Sri Lanka, Bangladesh and Pakistan.
Astaroth, also known as Guildma, is a sophisticated piece of malware that first emerged in 2018 and has since undergone significant evolution, adapting to new security measures and refining its attack methodologies.
We’ve recently come across a complex delivery chain utilizing multiple script languages designed to deploy high-profile malware families such as the open-source-made DCRat or the Rhadamanthys infostealer.