Cyware Daily Threat Intelligence, April 07, 2022

Another day, another new info-stealer alert! Security experts have uncovered a new information stealer named FFDroider that can help cybercriminals hijack users’ Facebook, Instagram, and Twitter accounts. Attack campaigns by Remcos RAT and SharkBot were also reported in the last 24 hours. While Remcos leveraged phishing emails impersonating a bank to trick users, SharkBot was disguised as six apps to infect users across the globe.

In other emerging threats, the BlackCat ransomware group has repurposed a data exfiltration tool used by BlackMatter threat actors to target organizations worldwide. AridViper aka APT-C-23 has also evolved its attack tactics by introducing two new malware named Barbie downloader and BarbWire backdoor.

Top Breaches Reported in the Last 24 Hours

TDI discloses data security incident
The Texas Department of Insurance (TDI) disclosed a data security incident that affected roughly 1.8 million people. It occurred due to a vulnerability in one of its web applications. The exposed information included names, phone numbers, addresses, dates of birth, and social security numbers of individuals.

Top Malware Reported in the Last 24 Hours

New Remcos RAT attack campaign
A phishing email pretending to be a payment notification from a trusted bank was found delivering Remcos RAT. The email asked the recipient to open the attached, password-protected Excel file. The file lures the victim into clicking the ‘Enable Content’ button, which executes the malicious macro code.

SharkBot spotted in a new campaign
Researchers found a new campaign distributing SharkBot malware. At least six apps with over 15,000 downloads were leveraged to spread the malware. Most of the victims were from Italy and the U.K., with some users from China, India, Romania, Russia, Ukraine, and Belarus.

APT-C-23 adds new malware
A new campaign dubbed Operation Bearded Barbie has been associated with APT-C-23, a subgroup of the Hamas-linked cyberwarfare operation. The campaign used a fake messaging app known as VolatileVenom to deliver two new malware families: the Barbie downloader and the BarbWire backdoor. The campaign targeted high-profile officials working in defense, law enforcement, emergency services, and other government services.

New FFDroider malware
A new information stealer named FFDroider capable of stealing credentials and cookies stored in browsers has been uncovered by security researchers. The stolen credentials can be used further to hijack victims’ social media accounts. The malware is distributed via cracked software, free software for games, and other files downloaded from torrent sites.

Data theft tools used widely
A data theft tool used by BlackCat (aka ALPHV) ransomware is increasingly being used to target industrial organizations. It is tracked as ExMatter, a modified version of Fendr. Researchers revealed that the BlackCat group had used Fendr to exfiltrate data from oil, gas, mining, and construction firms in South America.

Top Vulnerabilities Reported in the Last 24 Hours

VMware patches five vulnerabilities
VMware has issued patches for several vulnerabilities affecting Workspace ONE Access and other products. Two of these flaws are tracked as CVE-2022-22955 and CVE-2022-22956 and have a CVSS score of 9.8. Described as remote code execution issues, the flaws require administrative access for successful exploitation.

WatchGuard fixes a critical vulnerability
WatchGuard fixed a critical vulnerability in its line of firewall devices that was used by the Sandworm APT group to build a botnet. The flaw, tracked as CVE-2022-23176, impacts versions of Fireware OS prior to 12.7.2_U1. It has a CVSS score of 8.8 out of 10.

Two Apple zero-day flaws exploited in the wild
Two vulnerabilities, tracked as CVE-2022-22675 and CVE-2022-22674, are being actively exploited against unpatched Big Sur and Catalina versions of Apple macOS, respectively. The firm has issued fixes for the vulnerabilities in devices running macOS, iOS, and iPadOS.

Posted on: April 07, 2022