Go to listing page

Cyware Daily Threat Intelligence, April 11, 2022

Cyware Daily Threat Intelligence, April 11, 2022

Share Blog Post

A newly found infostealer malware is gaining popularity among cybercriminals. Named META, the malware is likely an offshoot of RedLine stealer and is available across several dark web forums. A new banking trojan with a unique capability of making fake calls on behalf of Korean banks has also come under the scanner of researchers. Called Fakecalls, the malware also includes the capabilities of spyware.

Meanwhile, a cybercriminal group named NB65 has got its hand on Conti’s leaked source code to build its own ransomware. The attackers made their first attack attempts against multiple organizations in Russia. Reports also suggest a rise in a new eavesdropping scam tactic that tricks users into a variety of scams.

Top Breaches Reported in the Last 24 Hours

Russian entities attacked
A hacking group named NB65 used Conti’s leaked source code to create its own ransomware. This new ransomware was used in a series of cyberattacks against organizations in Russia. The attackers leveraged the ransomware to steal data and later leaked it online. The affected organizations include Tensor, Roscosmos, and VGTRK.

Conti targets Snap-on company
Wisconsin-based Snap-on fell victim to the ransomware attack after threat actors leaked around 1 GB of stolen data. The incident occurred in March. The accessed data includes social security numbers, names, birthdates, and employee identification-related material of Snap-on franchisees and associates.

SuperCare Health discloses data breach 
California-based respiratory care provider SuperCare Health disclosed a data breach that affected more than 300,000 individuals. The exposed files included names, addresses, dates of birth, medical record numbers, patient account numbers, and health-related information of patients. In some cases, social security numbers, and driver’s license numbers were compromised.

Top Malware Reported in the Last 24 Hours

Fakecalls trojan
Researchers have shed light on the capabilities of a banking trojan called Fakecalls. It mimics the mobile apps of popular Korean banks to spy on users. When installed, the trojan immediately requests permission to access contacts, microphone, camera, geolocation, and call handling. Kaspersky found that, in some cases, the trojan can imitate phone conversations with customer support.

New META infostealer discovered
A newly discovered malspam campaign has been associated with a new META infostealer malware that is capable of stealing passwords from Chrome, Edge, Firefox, and cryptocurrency wallets. The malware is being sold at $125 for a monthly subscription or $1,000 for unlimited lifetime use. It is being promoted as an improved version of RedLine.

Top Vulnerabilities Reported in the Last 24 Hours

Directus patches an XSS flaw
An open-source CMS, Directus, has issued a patch for a cross-site scripting vulnerability. Tracked as CVE-2022-24814, the flaw can lead to compromise of accounts. It impacts versions prior to v9.6.0 of the platform.

Top Scams Reported in the Last 24 Hours

Eavesdropping scam
Researchers spotted a new scam call tactic called the eavesdropping scam. This involves voicemail messages that include critical information about the targeted users. Once the victims return the call, the scammers can run a variety of scams, most commonly offering fraudulent tax relief services. It is revealed that the scam had first emerged in early 2022.

 Tags

supercare health
nb65 threat group
fakecalls trojan
meta info stealer
eavesdropping scam

Posted on: April 11, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.