Researchers have discovered a coin-mining Trojan going by the name Rarog. The Trojan has been sold on various underground forums since June 2017. Roughly 2,500 unique samples, connecting to 161 different command and control (C2) servers, have been observed to date.
Cryptocurrency Web Miner Script
Hackers modified a script in the content displayed on an AOL advertising platform (advertising[.]aolp[.]jp) to launch a web miner program (COINMINER_COINHIVE.E-JS). The web miner traffic was linked to the malicious domain www[.]jqcdn[.]download. The user does not need to click on the ad for the coin miner to run, and the miner stops once the web page is closed.
Security researchers have created decryptors for some versions of the Magniber ransomware. Users can download the decryptors from the website of AhnLab, a South Korean cybersecurity firm. However, there is no English version of these decryptors, and users will have to use Google Translate to understand the instructions.
Google has released the April Android security update, which patches 28 vulnerabilities. Of the 28 flaws, nine were rated critical and the remaining 19 were rated ‘high’. The list of devices that are compatible with the new update includes the Pixel, Pixel XL, Pixel 2, Pixel 2XL, Nexus 5X, and Nexus 6P.
Microsoft security update
Microsoft has released new security updates that fix a critical flaw in Windows Defender, including patches for a critical flaw affecting the Microsoft Malware Protection Engine in Windows 10. Users are advised to update the vulnerable version 1.1.14600.4 to 1.1.14700.5.
Intel is not going to release the fix for Spectre
Intel released reports stating that the company is not going to provide mitigations for the Spectre vulnerability on old processors, as they have limited commercial availability. Intel also won't provide microcode updates for two SoFIA Atom processors released in 2015.
Several Israeli websites were hacked by the Anonymous group to display pro-Palestinian messages. The defaced websites bore the hallmarks of the hacker group's annual OpIsrael cyber campaign. Targeted websites included sites belonging to Israeli hospitals, local authorities, the Israel Opera, the Israel Teachers' Union and the Israeli Defense Forces Widow & Orphans organization.
Singapore universities under attack
An Iranian hacking syndicate targeted four Singapore universities and pilfered more than 31 terabytes of academic data and intellectual property. The Cybersecurity Agency of Singapore (CSA) and the Ministry of Education (MOE) released a joint statement reporting that 52 accounts across the four universities have been breached. The hackers used phishing attacks to trick university staff into disclosing login credentials.
Posted on: April 04, 2018