Cyware Daily Threat Intelligence August 09, 2021

Fraudulent ads and fake apps continue to cause mayhem in the cyber threat landscape. These attack vectors have been found to be part of two recent cyberespionage campaigns that distributed two new malware strains: a new version of the Cinobi trojan and the FlyTrap Android malware. While FlyTrap has infected over 10,000 Facebook users in at least 144 countries since March, the upgraded version of the Cinobi trojan was used against cryptocurrency users in Japan.

On a different tangent, researchers have disclosed new threats to the global food supply chain with the revelation of several flaws in John Deere systems. These flaws can be exploited to gain root access to internet-connected farming equipment.

Top Malware Reported in the Last 24 Hours

Cinobi trojan upgraded
A threat actor group named Water Kappa has been uncovered using an upgraded version of the Cinobi trojan in a new malvertising campaign that targets cryptocurrency exchange users in Japan. The malware is delivered via a Bottle exploit kit that abuses sideloading vulnerabilities (CVE-2020-1380 and CVE-2021-26411) in Internet Explorer.

New FlyTrap Android malware
A newly discovered Android malware dubbed FlyTrap has infected over 10,000 Facebook users in at least 144 countries since March. The malware is distributed via fraudulent apps through Google Play Store and other third-party apps. It is capable of pilfering a victim's Facebook ID, location, email address, IP address, cookies, and tokens.

Top Vulnerabilities Reported in the Last 24 Hours 

Flaws in John Deere Systems
Several flaws detected in John Deere systems pose a potential threat to the global food supply chain. These flaws, which have now been patched, existed in a business process management tool called Pega. The vulnerabilities could enable threat actors to gain root access to internet-connected farming equipment.

Vulnerable Exchange servers
In a session at the Black Hat Conference, researchers revealed that threat actors are actively scanning for Microsoft Exchange servers that are vulnerable to the ProxyShell remote code execution flaws. The flaws are tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, and can be exploited to execute malicious code remotely on Microsoft Exchange servers.

Apple fixes an AWDL flaw
Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could be abused to steal data from air-gapped networks. The patches have been issued in iOS 14.5, iPadOS 14.5, watchOS 7.4, and Big Sur 11.3.

Critical flaws in Go, Rust languages
Multiple programming languages and applications have been found to be vulnerable to Server-Side Request Forgery (SSRF) and Remote File Inclusion (RFI) vulnerabilities existing in the implementations of the netmask library. Some of the affected languages include Go, Rust, and Python. The developers of Rust have addressed the issue in version 1.53.0 and above.


Posted on: August 09, 2021

