Cyware Daily Threat Intelligence, April 22, 2021

Messaging apps are increasingly becoming a popular channel for delivering and controlling malware. In the past 24 hours, researchers have detected two new malware families being delivered via WhatsApp and Telegram. A new variant of the recently discovered Pink malware, spread through a fake WhatsApp app, sends automatic replies to Signal, Telegram, Viber, and Skype messages, while the ToxicEye RAT, propagated via Telegram, can take over file systems, install ransomware, and leak data from victims’ PCs.

Botnets wreaking havoc on connected devices also made headlines in the last 24 hours. Two botnets, detected as Prometei and Pareto, were found being used to mine cryptocurrency and to conduct ad fraud, respectively.

Top Breaches Reported in the Last 24 Hours

1.3 million credentials on sale
The login credentials for 1.3 million currently and historically compromised Windows Remote Desktop servers have been leaked on the UAS dark web market. Researchers warn that a leak of compromised credentials on this scale could open the door to numerous attacks against the affected organizations.

Top Malware Reported in the Last 24 Hours

WhatsApp Pink malware improved
The WhatsApp malware dubbed Pink has been updated to automatically respond to Signal, Telegram, Viber, and Skype messages. The malware is distributed via a fake version of WhatsApp that claims to be a ‘Pink’ themed edition of the app.

Pareto botnet
A botnet dubbed Pareto has been found infecting a massive number of Android devices to conduct fraud in the connected TV advertising ecosystem. The botnet works by spoofing signals within malicious Android mobile apps to impersonate consumer TV streaming products running Fire OS, tvOS, Roku OS, and other prominent platforms.

ToxicEye malware
Hackers are leveraging the popular Telegram messaging app to distribute a RAT named ToxicEye. A computer infected with ToxicEye is controlled through a hacker-operated Telegram messaging account. The malware can take over file systems, install ransomware, and leak data from victims’ PCs.

Prometei botnet
The Prometei botnet is the latest malware to take advantage of the ProxyLogon vulnerabilities. The botnet allows threat actors to mine cryptocurrency on infected machines.

Top Vulnerabilities Reported in the Last 24 Hours

Rockwell Automation releases updates
Rockwell Automation has released firmware updates to address a new set of vulnerabilities found in Stratix switches using Cisco’s IOS XE software. The vulnerabilities are tracked as CVE-2021-1392 and CVE-2021-1403.

Valve fixes a flaw
Game publisher Valve has resolved a critical security flaw in its popular Steam platform that had existed for two years. Tracked as CVE-2021-30481, the flaw affects every title that uses the Source engine.

Trend Micro flaw actively exploited
Trend Micro has revealed that a threat actor is actively exploiting a flaw in its antivirus products. The flaw (CVE-2021-24557) can be abused to gain administrator rights on Windows systems.


Posted on: April 22, 2021