
Cyware Daily Threat Intelligence, April 16, 2021


Another day, another cryptojacking attack. The notorious Lazarus APT is on a new mission to steal cryptocurrency using a never-before-seen tool, dubbed BTC Changer. Researchers have identified three compromised websites that host the tool.

The story does not end here. In an interesting discovery, the operators of HackBoss have been found distributing the cryptocurrency-stealing malware over Telegram under the guise of free malicious applications. The motive is to distribute the malware to as many threat actors as possible.

Attackers are also honing their skills to launch more sophisticated supply chain attacks and the latest target is Codecov. The firm disclosed that its networks were under the control of attackers for nearly three months, during which they easily pilfered customers’ credentials.

Top Breaches Reported in the Last 24 Hours

Celsius Network breached
Cryptocurrency rewards platform Celsius Network has disclosed a security breach that ultimately led to a phishing attack. The attack occurred after a third-party marketing server was compromised and threat actors gained access to a partial customer list.

Codecov under supply chain attack
Software company Codecov has disclosed a two-and-a-half-month-long supply chain attack that enabled threat actors to collect customer credentials, tokens, and keys. The attackers gained access to the Bash Uploader script on January 31 and modified the malicious code frequently.
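The Codecov incident turned on a script that CI pipelines fetch and execute directly. The defensive control is to verify the fetched script against a checksum obtained out of band before running it, so a tampered copy served from the download endpoint is rejected. The snippet below is an added illustration, not Codecov's uploader or its published verification steps: the helper names (`sha256_of`, `verify_script`, `run_verified`) and the sample script contents are constructed for this example.

```shell
#!/bin/sh
# Added example (not Codecov's code): refuse to execute a downloaded CI script
# unless its SHA-256 matches a checksum obtained out of band (for instance from
# the vendor's release page or a pinned value in your own repository).

sha256_of() {
  # Portable digest helper: prefer sha256sum (coreutils), fall back to shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

verify_script() {
  # $1 = path to the downloaded script, $2 = expected SHA-256 (lowercase hex).
  # Returns 0 on match, 1 on mismatch, and explains the mismatch on stderr.
  actual=$(sha256_of "$1")
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  echo "checksum mismatch for $1: expected $2, got $actual" >&2
  return 1
}

run_verified() {
  # Execute the script only after verification succeeds; a mismatch stops the
  # pipeline step instead of silently running attacker-modified code.
  verify_script "$1" "$2" && sh "$1"
}

# Usage (in a CI step, with EXPECTED_SHA256 pinned in the repository, not
# fetched from the same place as the script):
#   curl -fsSL https://example.invalid/uploader.sh -o uploader.sh
#   run_verified uploader.sh "$EXPECTED_SHA256"
```

Pin the expected digest in version control alongside the pipeline definition, so that changing it requires a reviewed commit; a checksum downloaded from the same endpoint as the script gives no protection if that endpoint is compromised.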

Top Malware Reported in the Last 24 Hours
HackBoss spotted
The authors of HackBoss are distributing the cryptomining malware to other aspiring cybercriminals by concealing it in free malicious applications shared over Telegram. The malware comes packed in a ZIP file with an executable that launches a simple user interface.

Cryptojacking attack
XMRig miner has returned in an ongoing cryptojacking attack that targets Nagios XI software vulnerable to a remote code execution vulnerability. The flaw is tracked as CVE-2021-25296 and impacts version 5.7.5 of the software.

BTC Changer
Lazarus APT is back in action with a new tool dubbed BTC Changer to mine cryptocurrency. So far, researchers have detected three websites that contain the tool.

Gafgyt improved
A new version of Gafgyt botnet that includes new approaches to compromise IoT devices has been uncovered by researchers. Along with several new exploits, the latest variant has incorporated several Mirai-based modules.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Juniper devices patched
A critical vulnerability recently patched in the Junos operating system could allow an attacker to remotely hijack or disrupt devices. The flaw, tracked as CVE-2021-0254, is exploited by sending a specially crafted packet.

Google releases 37 fixes
Google has released 37 security fixes for Chrome 90.0.4430.72. Six of these flaws are rated high severity, 10 are rated medium, and three are rated low.


Posted on: April 16, 2021
