Go to listing page

Cyware Daily Threat Intelligence, April 22, 2022

Cyware Daily Threat Intelligence, April 22, 2022

Share Blog Post

Millions of Android phones were at risk of remote hijack due to a newly discovered ALHACK vulnerability. The set of flaws, stemming from Apple’s open-source audio codec, exclusively affected the devices with chips from MediaTek and Qualcomm and has been fixed by respective vendors.

In other emerging threats, cryptocurrency mining has become a priority for cybercriminals as researchers unmask two recent attack campaigns. One of them involved the use of a new Certishell malware and the other leveraged the prolific LemonDuck botnet. Meanwhile, a new update reveals that Nokoyawa ransomware shares similarities with Nemty ransomware.

Top Breaches Reported in the Last 24 Hours

Bob's Red Mill affected
Bob's Red Mill Natural Foods issued a notification about a data breach that affected its customers’ data. The incident took place between February 23 and March 1. It was executed using malicious software that scraped the personal details of customers from its website.

Top Malware Reported in the Last 24 Hours

New Certishell malware
Avast has published a technical report on a newly found malware, dubbed Certishell, that is targeting Czech and Slovak users exclusively. The malware contains modules for remote access, cryptomining, and even ransomware. It is being distributed via pirated copies of movies and songs, cracked software, and keygens of games and common tools.

LemonDuck botnet re-emerges
Operators of the LemonDuck botnet are back in a new cryptocurrency mining campaign. The attackers take advantage of misconfigured Docker APIs on Linux servers to deploy malicious payloads. The currently active campaign uses proxy tools to hide wallet addresses linked to its mining activity.

Ginzo stealer gains traction
Over 400 samples of Ginzo stealer have appeared since it was first discovered on March 24. The malware is available for free on underground forums. The attackers have also set up a Telegram channel to sell the stealer. The malware is capable of harvesting data like screenshots, credentials, cookies, and Telegram sessions. It can also steal cryptocurrency wallets and system information.

New update on Nokoyawa ransomware
A new report reveals that the recently discovered Nokoyawa ransomware is a variant of Nemty ransomware. Researchers came to the conclusion after assessing the encryption technique, ransom note, and C2 servers used by both ransomware.

Top Vulnerabilities Reported in the Last 24 Hours

Serious ALHACK vulnerability
Around two-thirds of all Android phones sold in 2021 were found vulnerable to a series of flaws called ALHACK. The flaws existed in Apple’s open-source audio codec used by Qualcomm and MediaTek. While Qualcomm patched the bug tracked as CVE-2021-30351, MediaTek assigned the flaws CVE-2021-0674 and CVE-2021-0675 (which are also fixed).

Flawed SmartPPT products fixed
A total of nine vulnerabilities patched in SmartPTT and SmartICS SCADA products from Elcomplus could be exploited to upload malicious files, obtain credentials stored in clear text, and elevate privileges to the admin level. One of them is rated high-severity. The other flaws include path traversal, cross-site scripting (XSS), arbitrary file upload, authorization bypass, cross-site request forgery (CSRF), and information disclosure issues.

Top Scams Reported in the Last 24 Hours

IRS Tax scams
Several instances of IRS tax scams targeting taxpayers in the U.S were reported recently. In one incident, threat actors used phishing emails that appeared to come from the IRS to warn the recipients about the last date for filing their taxes and asked them to complete the tax filing by clicking on malicious attachments. In some cases, the cybercriminals also impersonated federal agencies such as the DHS to warn victims about overdue payments to the IRS, which should be paid via a link that redirects them to a fake PayPal site.


ginzo stealer
alhack vulnerability
lemonduck botnet
irs tax scams
certishell malware

Posted on: April 22, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.