A new malicious browser extension dubbed SHARPEXT is scanning through Chrome, Edge, and Whale browsers to exfiltrate email data from Gmail and AOL clients. It is the first time that a threat actor has used browser infection as part of the post-exploitation phase, noted experts. More threats hover over Android users as security researchers disclosed a family of 17 banking trojan-delivering apps, collectively called DawDropper.
Moreover, a giant investment scam is hiding behind fake promotional schemes featuring local and global celebrities to lure victims. Targets are reportedly asked to fill out a form and deposit a fee to participate in the scheme.
Top Breaches Reported in the Last 24 Hours
Missile manufacturing firm breached
Europe-based manufacturer of missiles Matra, BAe Dynamics, and Alenia (MBDA) has allegedly suffered a breach and lost 60 GB of proprietary data. The leaked information includes military projects, contract agreements, commercial activities, and correspondence with other companies. A threat actor with the moniker Adrastea has claimed responsibility for the attack.
OneTouchPoint laid bare PII
Mailing and printing services platform OneTouchPoint experienced a security incident affecting more than 30 healthcare providers and health insurance carriers. Last week, the victim firm found encrypted files on some of its systems that contained the PII of its customers.
Top Malware Reported in the Last 24 Hours
DawDropper: A set of Android threats
Researchers found 17 malicious Android apps, known as DawDropper, dropping different banking malware. These apps pose as productivity and utility apps, ranging from document scanners and QR code readers to VPN services and call recorders. The families of banking trojans spread by the criminals include Octo, Hydra, Ermac, and TeaBot.
Malicious extension targets email accounts
North Korea-linked SharpTongue APT has been discovered exploiting email accounts of Gmail and AOL users via a malicious browser extension. The extension, known as SHARPEXT, does not extract user credentials. Rather, it accesses the victim’s webmail account. The extension presently supports three web browsers, namely Chrome, Edge, and Whale.
Top Vulnerabilities Reported in the Last 24 Hours
Patch warning for a bug in Confluence
CISA has ordered government agencies, and advised private sector companies, to patch the recently disclosed Confluence vulnerability as its exploitation is increasing day by day. The bug is identified as CVE-2022-26138 and is located in the Questions for Confluence app.
Path traversal flaw puts server files at risk
A researcher uncovered a flaw in file transfer software CompleteFTP that enabled an unauthenticated attacker to remove arbitrary files on affected installations. The bug, assigned CVE-2022-2560, is in the HttpFile class and results from the lack of proper validation of a user-supplied path prior to using it in file operations.
Top Scams Reported in the Last 24 Hours
High-return investment fraud
Researchers spotted a huge network of over 11,000 domains hosting fake investment schemes in Europe. Hackers bait users with high-return investment plans and expect potential victims to deposit 250 EUR ($255) as a sign-up fee. The fake sites display random celebrity endorsements and fabricate evidence of enrichment to make the scams appear legitimate.