Go to listing page

Cyware Daily Threat Intelligence, April 08, 2022

Cyware Daily Threat Intelligence, April 08, 2022

Share Blog Post

A new cybercrime-as-a-service called Parrot is making headlines for redirecting victims to over 16,000 malware-infested websites. So, be careful of the sites that display fake browser update notices and instead deliver trojans on systems. The notoriety of fake apps harvesting sensitive user data has also been reported in the last 24 hours. In one instance, many such apps were used to deploy a new Octo Android trojan that is capable of recording keystrokes, collecting contact information, and conducting fraudulent transactions.

The infamous Mirai botnet also managed to ensnare many IoT devices by exploiting the recently discovered Spring4Shell vulnerability. The exploitation was observed in the first week of April. 

Top Breaches Reported in the Last 24 Hours


A&T university targeted
North Carolina A&T University became the latest victim of BlackCat ransomware. The incident occurred on March 7, forcing staff and students to operate manually. Systems taken down by the intrusion included wireless connections, Blackboard instruction, single sign-on websites, VPN, Jabber, Banner Document Management, Chrome River, and Qulatrics.

WonderHero losses $320,000
WonderHero has disabled its website and services after hackers stole $320,000 worth of Binance Coin. Threat actors took advantage of the cross-chain bridging withdrawal feature on the platform to launch the attack.

Top Malware Reported in the Last 24 Hours


Mirai botnet spotted
New reports suggest that the critical Spring4Shell vulnerability has lately been exploited by the Mirai botnet. The attack was first observed on April 1. The botnet exploited one of the Spring4Shell vulnerabilities (CVE-2022-22965) to launch attacks.

New Octo banking trojan spotted
Threat actors have repurposed the code of an old Android malware called ExobotCompact to build a new malware dubbed Octo. It is distributed via a variety of fake apps disguised as Pocket Screencaster, Fast Cleaner 2021, Postbank Security, BAWAG PSK Security, and Play Store update. Once executed, Octo could allow threat actors to conduct fraudulent transactions, record keystrokes, and harvest contact information.

Google removes malicious apps 
Google removed several apps from its Play Store after they were found stealing sensitive data from users. The apps had over 45 million downloads and collected the data through a third-party SDK that had the ability to capture clipboard content, GPS data, email addresses, phone numbers, and even modem router MAC addresses.

Parrot TDS used to redirect malicious websites
A new Traffic Direction System (TDS) called Parrot has emerged in recent months to redirect victims to 16,500 malicious websites for universities, local governments, adult content platforms, and personal blogs. The newly discovered TDS shares similarities to the Prometheus TDS that appeared in 2021.

Top Vulnerabilities Reported in the Last 24 Hours


SSRF flaw identified in Fintech platform
A critical SSRF flaw in an API of Acme Fintech website could have allowed attackers to conduct bank fraud by compromising the accounts of millions of users. It could have further enabled threat actors to pilfer users’ personal and financial details. The API supports the organization’s platform fund transfer functionality. Upon identifying the vulnerability, researchers provided recommended mitigation measures to the organization.

Top Scams Reported in the Last 24 Hours


Cryptocurrency giveaway scam
Fraudsters made nearly $1.7 million by promising cryptocurrency giveaway scams on YouTube. Over 36 YouTube channels used for the purpose were observed between February 16 and February 18, attracting at least 165,000 viewers. The videos were made using footage of tech entrepreneurs and crypto investors like Elon Musk, Brad Gralinghouse, Michael Saylor, Changpeng Zhao, and Cathie Wood to add legitimacy to scams. Additionally, these videos include links to at least 29 websites with instructions on how to double cryptocurrency investments.

 Tags

mirai botnet
parrot tds
cryptocurrency giveaway scam
octo android trojan
wonderhero

Posted on: April 08, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.