Cyware Daily Threat Intelligence, April 09, 2019
Mirai, the powerful botnet that unleashed unprecedented DDoS attacks in 2016, has never gone away. Over the years, the botnet has grown more robust in order to compromise a wider range of devices. Lately, security experts have come across a new variant of the Mirai botnet that targets new processors, namely Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze. The variant makes use of a modified version of the standard byte-wise XOR to avoid detection.

Staying with malware variants, researchers have also discovered new variants of the Anubis trojan and the Exodus spyware. While the new variant of the Anubis banking trojan includes encryption behavior similar to ransomware, the new iOS version of the Exodus spyware masquerades as legitimate apps on the App Store to trick users.

While cybercriminals are continuously working on enhancing the capabilities of existing malware, security vendors and organizations are keeping pace in securing their critical systems, products, and networks. In one of the major patch releases, TP-Link has issued security patches to address zero-day flaws in two of its budget router models.

Top Breaches Reported in the Last 24 Hours

Genesee County suffers a ransomware attack
Genesee County has disclosed that it recently fell victim to a ransomware attack. The attack affected its computer networks, although the County states that most of them were restored after almost 4 days of extensive work. Email services have also been operating normally since April 6, 2019. However, the County is still working to restore several critical services across other departments. The County believes the attack was limited to encrypting its files and that no data was exfiltrated.

City of Tallahassee payroll system hacked
A cyber attack on the City of Tallahassee’s human resources management application has affected around two hundred employees. As a result, nearly half a million dollars was diverted out of the City’s employee payroll. The incident occurred after intruders gained unauthorized access to the application. This is the second time in a month that the City’s online security has been compromised.

Petrobangla website hacked
The official website of the Bangladesh Oil, Gas and Mineral Corporation, known as Petrobangla, has been hacked. Although the firm is yet to estimate the extent of the attack, it has been found that the attack was carried out by hackers who go by the name ‘N33LOB33’. After hacking the website (https[:]//petrobangla[.]org[.]bd/), they displayed a message on it reading “Your All Data Are Safe” at around 5pm on Sunday.

Top Malware Reported in the Last 24 Hours

New Mirai variant
Researchers have come across a new variant of the Mirai botnet that targets new processors/architectures, namely Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze. The new sample makes use of a modified version of the standard byte-wise XOR to avoid detection. It is also capable of conducting SYN flood attacks.
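The byte-wise XOR mentioned above is what Mirai's leaked source uses to hide its string table, and a changed constant does not change the analyst's job: there are only 256 single-byte keys, so the obfuscated table can be scored against every one of them, or the key derived from one expected string. The following is an added example (not code from the page or from any Mirai sample); the 0xdeadbeef table key is Mirai's published default, while the sample blob, the 0x5A variant key and the plausibility alphabet are constructed for illustration.

```python
"""Recover a Mirai-style byte-wise XOR string table (added example, constructed data)."""
import string
from typing import List, Optional, Tuple

# Mirai's leaked source applies a 32-bit key (0xdeadbeef) one byte at a time;
# folding the four key bytes shows it is really a single-byte XOR with 0x22.
MIRAI_TABLE_KEY = 0xDEADBEEF

# Constructed alphabet: what NUL-separated ASCII table entries are expected to use.
_PLAUSIBLE = set(string.ascii_letters + string.digits + "/.:-_ ") | {"\x00"}


def fold_key(key32: int) -> int:
    """Collapse a 32-bit key applied byte-wise to the single byte it reduces to."""
    return (key32 & 0xFF) ^ ((key32 >> 8) & 0xFF) ^ ((key32 >> 16) & 0xFF) ^ ((key32 >> 24) & 0xFF)


def xor_bytes(data: bytes, key: int) -> bytes:
    """Byte-wise XOR with a single-byte key; encoding and decoding are the same operation."""
    return bytes(b ^ key for b in data)


def plausibility(data: bytes) -> float:
    """Fraction of bytes that look like NUL-terminated ASCII table entries."""
    return sum(chr(b) in _PLAUSIBLE for b in data) / len(data)


def recover_key(blob: bytes) -> List[Tuple[int, float]]:
    """Rank all 256 single-byte keys by how plausible their decoding looks, best first."""
    scored = [(k, plausibility(xor_bytes(blob, k))) for k in range(256)]
    return sorted(scored, key=lambda kv: (-kv[1], kv[0]))


def key_from_known_plaintext(blob: bytes, known: bytes) -> Optional[int]:
    """Derive the key from a string expected in the table, if one key explains a window."""
    for off in range(len(blob) - len(known) + 1):
        keys = {c ^ p for c, p in zip(blob[off:off + len(known)], known)}
        if len(keys) == 1:
            return keys.pop()
    return None


# Constructed sample: table-style entries obfuscated with a made-up variant key.
SAMPLE_KEY = 0x5A
SAMPLE_PLAIN = b"/bin/busybox\x00/proc/\x00/dev/watchdog\x00listening tun0\x00"
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    print(f"Mirai key 0x{MIRAI_TABLE_KEY:08x} folds to 0x{fold_key(MIRAI_TABLE_KEY):02x}")
    best_key, score = recover_key(SAMPLE_BLOB)[0]
    print(f"best key 0x{best_key:02x} (score {score:.2f}):", xor_bytes(SAMPLE_BLOB, best_key))
```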

Anubis trojan includes ransomware capabilities
A new variant of the Anubis trojan that includes behavior similar to ransomware has been spotted in the wild. The trojan is distributed via a malicious application. Once launched, the malware steals users’ PayPal credentials and later encrypts files, appending a .Anubiscrypt extension. It can also lock the screen of the targeted device using its built-in device lock feature.

New iOS version of Exodus spyware
A new iOS version of the Exodus spyware has been discovered that targets users in Italy and Turkmenistan. The malware is distributed via seemingly legitimate iOS apps on the App Store. It is capable of stealing contacts, photos, videos, audio recordings and GPS information from Apple device users.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable TP-Link routers
Two of TP-Link’s budget router models (TP-Link WR940N and TL-WR941ND) have been found to be vulnerable to zero-day flaws. The flaws can allow attackers to take control of the routers remotely. Following the discovery, TP-Link has released security patches to address the flaws. Users of these two models are therefore urged to upgrade their TP-Link firmware to TL-WR940Nv3 and TL-WR941NDv6 respectively.

A bug in webkit2gtk3 fixed
A security patch for a bug in webkit2gtk3, tracked as CVE-2019-8375, has been released. The flaw affects WebKit products that use webkit2gtk3 and WebKitGTK+ versions prior to 2.23.90 and 2.22.6 respectively. The bug can allow remote attackers to cause a denial of service or other unspecified impact. Affected users are advised to update webkit2gtk3 to version 2.24.0.

MyCar app bug patched
The MyCar Controls mobile application has patched a flaw that could allow local attackers to steal sensitive data from a target MyCar unit. The bug affected versions prior to 3.4.24 on iOS and prior to 4.1.2 on Android. Affected iOS and Android users are advised to update the app to versions 3.4.24 and 4.1.2 respectively.

Posted on: April 10, 2019