Go to listing page

Cyware Daily Threat Intelligence, April 01, 2021

Cyware Daily Threat Intelligence, April 01, 2021

Share Blog Post

Security professionals are again on the target list of attackers. This time they are being targeted through a fake company website named SecuriElite. The purpose and modus operandi of the campaign remains the same as the one that was carried out in January by the North Korea-based Zinc threat actor group.

It’s raining backdoor malware! In the past 24 hours, researchers have come across two backdoor malware that target both online gamers and normal users. The one that targets online gamers is disguised as game tweaks, patches, and cheats to steal information from infected systems. On the other hand, the newly discovered BazarCall malware is distributed via spoofed email that includes malicious documents for BazarLoader.

Top Breaches Reported in the Last 24 Hours

Ubiquiti confirms security breach
Network device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a security breach in January. Throwing light on the breach, the company further added that no customer data was affected in the attack.

Security researchers targeted again
North Korean threat actors have set up a website for a fake company called SecuriElite, along with associated Twitter and LinkedIn accounts, to lure security professionals into another cyberespionage trap. The campaign is similar to the one observed in January that had targeted security researchers.

Top Malware Reported in the Last 24 Hours

New BazarCall malware
Researchers have found a new BazarCall malware that uses specially-crafted emails to distribute BazarLoader backdoor. The spoofed email, which includes malicious Excel documents, prompts users to call back on a phone number to cancel a subscription before an amount is deducted for the same. The emails are sent under fictitious companies named ‘Medical reminder service, Inc.’,  ‘iMed Service, Inc.’, Blue Cart Service, Inc.', and 'iMers, Inc.

Backdoor malware sighted
Gamers are being targeted with backdoor malware—disguised as game tweaks, patches, and cheats—to steal information from infected systems. Threat actors are using social media channels and YouTube to advertise their malware-laced game tools.

Top Vulnerabilities Reported in the Last 24 Hours

VMware patches flaws
VMware has patched two vulnerabilities found in its vRealize Operations (vROps) product. The flaws are tracked as CVE-2021-21975 and CVE-2021-21983 and are related to server-side request forgery and an arbitrary file write issue. VMware has patched the vulnerabilities in all impacted versions of vRealize Operation Manager, as well as in Cloud Foundation and vRealize Suite Lifecycle Manager.

Citrix issues a patch
Citrix has issued patches for security flaws affecting its Hypervisor. The flaws could allow attackers to deploy arbitrary code on virtual machines. The two vulnerabilities were found to impact all currently supported Hypervisor versions, including version 8.2 LTSR.

Top Scams Reported in the Last 24 Hours

Indonesian banks targeted
An ongoing fraudulent campaign has been found targeting major banks in Indonesia with the ultimate goal of stealing bank customers’ money. To lure victims, cybercriminals pose as bank representatives or customer support team members on Twitter. The campaign has been active since January 2021 and, so far, has targeted over 2 million Indonesian bank customers. Over 1600 fake Twitter accounts have been created as a part of the campaign.

Cart Crasher fraud
A money-laundering fraud ring dubbed Cart Crasher is targeting donation sites to steal money and launder stolen payment cards. The scheme is executed in two parts: First, the fraudsters set up recipient accounts on various donation sites. Then, they create and post fake causes to receive donations.

New Yorkers’ private info at risk
New York’s Department of Financial Services (DFS) has warned users of an ongoing series of attacks that result in the theft of personal information from New Yorkers. Companies targeted by these attacks have been asked to immediately take action to protect New Yorkers’ data.

 Tags

bazarcall malware
ubiquiti labs
securielite
zinc threat actor group
bazarloader backdoor

Posted on: April 01, 2021


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite