
Cyware Daily Threat Intelligence, April 30, 2024


A modular trojan, derived from leaked ZeuS source code, has resurfaced after nearly two years with updated obfuscation techniques and a revamped domain generation algorithm. Separately, a new RAT malware is targeting Android devices and executing additional commands and phishing attacks disguised as top social media apps, including Snapchat, Instagram, WhatsApp, and Twitter.

Tech giants like Facebook and Microsoft were drawn into the fray by a critical vulnerability affecting the R programming language. The flaw allowed arbitrary code execution via malicious RDS files, which could in turn enable supply chain attacks. A new credential-harvesting phishing campaign is relying on brand impersonation and social engineering tactics.

Top Malware Reported in the Last 24 Hours


Zloader resurfaces with enhanced anti-analysis tactics
Zloader has resurfaced with enhanced anti-analysis measures, reminiscent of ZeuS's original design. In versions 2.4.1.0 and 2.5.1.0, Zloader implements registry checks and MZ header validations to thwart execution on different systems. It reintroduces an anti-analysis feature akin to the original ZeuS 2.x code, restricting binary execution to the infected machine.

Android RAT mimics social media apps
A newly discovered RAT was observed targeting Android devices by masquerading as popular social media apps like Snapchat and Instagram. This malware, equipped with advanced capabilities, harvests credentials through phishing attacks built on fraudulent HTML login pages. Upon installation, it obtains intrusive permissions and communicates with a C2 server to execute commands.

DarkGate experiments with new techniques
Recent research uncovers DarkGate malware's sophisticated infection tactics. HTML files lure users into actions that lead to VBScript execution via PowerShell, while XLS files follow a similar chain, bypassing Microsoft Defender SmartScreen. DarkGate establishes persistence by dropping files and exfiltrates data. Notably, it leverages AutoHotkey for its malicious activity.

Top Vulnerabilities Reported in the Last 24 Hours


R language flaws open doors to multiple attacks
AI security firm HiddenLayer uncovered a critical vulnerability in the R programming language's serialization process (CVE-2024-27322). This flaw allowed arbitrary code execution when loading malicious RDS files, posing a significant supply chain risk. Exploiting lazy evaluation and promise objects, attackers can inject code that executes upon referencing the symbol associated with the compromised file.

Top Scams Reported in the Last 24 Hours


Phishing scam targets Microsoft credentials
A sophisticated phishing campaign uses Rich Text Format (RTF) attachments in personalized emails mimicking reputable brands, like Epson and HP, to trick recipients into revealing Microsoft credentials. The RTF files harbor deceptive links redirecting victims to malicious sites designed to request users’ login credentials. The scam was detected over 1,000 times in two days.

Tags

rich text format
microsoft credentials
zloader
cve 2024 27322
r programming language
rat malware
darkgate malware

Posted on: April 30, 2024
