ESET Shares New Findings on Operation Potao Express

San Diego, CA

ESET, a global leader in IT security for more than two decades, today announced new research surrounding Operation Potao Express, an extensive analysis of the cyberespionage group behind the Win32/Potao malware family. An ESET white paper on the malware includes technical details on how the malware spreads and the most noteworthy campaigns since its first appearance in 2011.

Win32/Potao is a type of espionage malware that has been detected mostly in Ukraine and in a number of other CIS countries, including Russia, Georgia and Belarus. The Potao family is a typical cyberespionage trojan that steals passwords and sensitive information and sends them to the attackers’ remote server.

Similar to BlackEnergy, Potao was used to spy on the Ukrainian government, military entities and a major Ukrainian news agency. It was also used to spy on members of MMM, a financial pyramid scheme popular in Russia and Ukraine.

“Our investigation of Potao uncovered a very interesting connection to a Russian version of the now-discontinued popular open-source encryption software, TrueCrypt,” says Robert Lipovsky, Senior Malware Researcher at ESET.

ESET researchers also discovered another connection between trojanized TrueCrypt and the website, which not only delivered infected encryption software, but also acted as a command and control (C&C) server for the backdoor.

Read more about Operation Potao Express: Analysis of a cyber-espionage toolkit on

About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit or follow us on LinkedIn, Facebook and Twitter.