Go to listing page

Cyware Daily Threat Intelligence, April 15, 2019

Cyware Daily Threat Intelligence, April 15, 2019

Share Blog Post

Malware authors are constantly developing new malware in order to launch more catastrophic attacks worldwide. Lately, a new malware dubbed as Trojan.PS1.LUDICROUZ.A has been found infecting users in Australia, Taiwan, Vietnam, Hong Kong, India and China. The powerful malware uses multiple propagation and infection techniques to distribute a Monero cryptocurrency miner.

That’s not all. Security researchers have also come across a new ransomware named RobbinHood. This ransomware encrypts all computers within a network and finally drops four ransom notes under 4 different names at the same time. The ransom notes include information regarding the victim’s files, ransom amount and links to the TOR sites.         

The past 24 hours also witnessed a major data breach incident. Threat actors have revealed personal information of about 1,400 federal agents and police officers on the Internet. The hackers had managed to steal the data from websites affiliated with the alumni of the FBI’s National Academy.

Top Breaches Reported in the Last 24 Hours

Luthianian MoD suffers an attack
The Lithuanian Ministry of Defense (MoD) has suffered a cyber attack that was aimed at damaging the reputation of the entire national defense system. The attack was carried out on April 10, 2019 via a spear phishing campaign. The phishing email appeared to come from an employee working in the MoD. It included malicious links to the fake news on corruption in the ministry.

Microsoft Outlook hacked
Microsoft is notifying some Outlook users about a hack that occurred for months earlier this year. The hackers had managed to gain unauthorized access to some accounts between January 1st and March 28th, 2019. This would have allowed the hackers to view account email addresses, folder names and subject lines of emails.

Records of FBI employees stolen
Threat actors have posted online the personal information of at least 1,400 employees working in different law enforcement agencies. The stolen data belong to the employees of the FBI, Secret Service, Capitol Police and Sheriffs in North Carolina & Florida. The information was apparently stolen from websites affiliated with the alumni of the FBI’s National Academy.  

Top Malware Reported in the Last 24 Hours

RobbinHood ransomware
A new ransomware named RobbinHood has been detected by security researchers. The ransomware aims at targeting an entire network as part of its infection process. Once launched, the malware encrypts all the computers within the network and requests a certain amount of bitcoins to decrypt a single computer or the entire network. It drops four ransom notes simultaneously which include information about the victim's files, ransom amount and links to the TOR sites. These TOR sites are the ones where users can leave a message for the operators or decrypt 3 files up to 10 MB in size for free. 

New Miner malware
Security researchers have unearthed a new malware that uses multiple propagation and infection methods to drop a Monero cryptocurrency miner. Detected as Trojan.PS1. LUDICROUZ.A, the malware has been observed targeting users in Australia, Taiwan, Vietnam, Hong Kong, India and China. One of the propagation methods of the malware includes the use of EternalBlue exploit kit.

Decryptor for CryptoPokemon
Emsisoft has released a decryption key for CryptoPokemon ransomware. The malware encrypts files using SHA256 + AES128. After encryption, it displays a ransom note asking for 0.02 Bitcoins. The researchers of Emsisoft were able to find bugs in the malware’s source code, which resulted in a free decrypter.

Top Vulnerabilities Reported in the Last 24 Hours

Apache releases updates
The Apache Software Foundation has released security updates to address a flaw in Apache Tomcat. Tracked as CVE-2019-0232, the vulnerability affected the versions prior to 7.0.93, 8.5.39 and 9.0.17 respectively. The flaw could allow a remote attacker to execute arbitrary code and take control of an affected system. Therefore, users are advised to upgrade the software to versions 7.0.93, 8.5.40 and 9.0.18 as soon as possible. 

XML injection flaw in IE
A security researcher has discovered a new security flaw in Internet Explorer that could allow hackers to steal Windows users’ data. The flaw is dubbed as XML External Entity Injection vulnerability. It can allow remote attackers to potentially exfiltrate local files and conduct remote reconnaissance on locally installed Program version information. The vulnerability can be exploited by using a specially crafted .MHT files.

Vulnerable VPN applications
Enterprise VPN applications developed by Palo Alto Networks, Pulse Secure, Cisco and F5 Networks are found storing authentication and session cookies insecurely. This can allow attackers to intercept traffic data and inject malicious code to perform Man-in-the-Middle (MitM) attack.

Top Scams Reported in the Last 24 Hours

‘The Nasty List’ phishing scam
A new phishing scam called ‘The Nasty List’ has been found targeting Instagram users. The scam aims at stealing users’ login credentials. If a user falls victim to the scam, scammers use the stolen account to further promote the phishing scam. The scam is spread through a one-line message like "OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up." The message is sent to all the followers of the hacked account. To avoid falling for such Instagram phishing scams, users are advised not to share their login credentials on unknown sites. 

 Tags

xml injection flaw
robbinhood ransomware
phishing scam
cryptopokemon
luthianian mod

Posted on: April 15, 2019


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

The Virtual Cyber Fusion Suite