Go to listing page

Cyware Daily Threat Intelligence, April 19, 2022

Cyware Daily Threat Intelligence, April 19, 2022

Share Blog Post

Anything downloaded from unofficial sources can be harmful. Researchers are warning users about a fake Windows 11 website that is being used to deliver Inno Stealer malware. There is also an update about a fresh Pegasus spyware campaign that exploits a new zero-click vulnerability in iOS systems. Reportedly, several high-profile people have been targeted in the campaign. 

There’s a stir in the botnet-based attacks as threat actors launch a new variant of the BotenaGo botnet to target DVR devices. The botnet derives its code from the source code of the original botnet that was leaked in October 2021.

Top Breaches Reported in the Last 24 Hours


Over $655,000 stolen
Crypto wallet MetaMask is warning its community of users about a potential phishing attack that resulted in the loss of around $655,000. The attackers leveraged a security issue in iPhone, Mac, and iPad devices to accomplish the hack. 

Top Malware Reported in the Last 24 Hours


New Inno Stealer malware
In an attempt to spread the new Inno Stealer malware, threat actors are leveraging SEO poisoning tactics to promote fake Windows 11 updates. The malware is capable of stealing browser data and cryptocurrency wallets. According to researchers, the malware is written in Delphi and removes security solutions from Emisoft and ESET from the victim’s system.

Free decryptor for Yanluowang
A security lapse discovered in the encryption process of the Yanluowang ransomware has enabled researchers to build a decryptor. This decryptor is available for free to the victims who are infected by the ransomware. The ransomware was first spotted in October 2021 and was used in highly targeted attacks against large organizations. 

New Pegasus spyware campaign
A new zero-click flaw identified in iOS systems has been exploited to propagate Pegasus or Candiru spyware. At least 65 individuals have been targeted in the attack, including members of the European Parliament, Catalan presidents, legislators, and civil society organizations. The flaw affects various versions of the operating system prior to iOS 13.2 and was exploited using an exploit kit called HOMAGE. 

New BotenaGo variant spotted
A new variant of BotenoGo botnet is stealthily targeting a pool of IoT devices, including the Lilin security camera DVR devices. The variant derives its code from the source code of the original botnet that was leaked in October 2021.

Top Vulnerabilities Reported in the Last 24 Hours


Lenovo patches three flaws
Lenovo patched a trio of bugs that could be abused to perform UEFI-level attacks. The bugs tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972 could be exploited to deploy and execute UEFI malware either in the form of SPI flash implants like LoJax or ESP implants like ESPecter in the Lenovo Notebook BIOS. The impacted products are Lenovo Flex laptops, IdeaPads, Legion gaming devices, V14, V15, and V17 series, and Yoga laptops.

 Tags

lenovo computer
yanluowang ransomware
pegasus spyware campaign
botenago botnet
inno stealer malware

Posted on: April 19, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.