Cyware Daily Threat Intelligence August 14, 2018

Top Malware Reported in the Last 24 Hours
KeyPass 
A new variant of the STOP ransomware, called KeyPass, has recently emerged. The ransomware is believed to be spreading rapidly and is capable of hijacking a computer and encrypting all files. KeyPass' distribution method is still unknown. It can be removed using special anti-malware programs. 

Andromeda 
Law enforcement authorities shut down the Andromeda botnet last year. However, the botnet is still infecting numerous PCs. Security experts believe that only Andromeda's C2 servers were taken down and not its endpoints, which still appear to be thriving. The currently infected PCs could be used by attackers to conduct DDoS attacks. 

DeepLocker 
DeepLocker is a highly evasive and targeted malware that is powered by AI. The malware is capable of infecting numerous computers without being detected. DeepLocker's AI  identifies targets via facial recognition, geolocation, and voice recognition.  An open-source facial recognition tool called Social Mapper can be used to target victims across multiple social networks at once. DeepLocker can hide malicious payloads in benign applications to evade malware scanners and anti-virus programs.

Top Vulnerabilities Reported in the Last 24 Hours
HP printers flaws
Two critical vulnerabilities have been discovered in the fax protocol of HP OfficeJet Printers. When combined with the EternalBlue exploit, these two stack-based buffer overflow flaws could attackers to infiltrate PCs connected to the printers. HP has issued patches for both the flaws. Users are recommended to use the latest Windows OS as well. 

ZTE bugs
DHS-funded researchers revealed that smartphones made by China-based ZTE are loaded with vulnerabilities that could allow attackers the ability to compromise devices and steal user data, including emails, and text messages. The vulnerabilities provide hackers with a loophole to access users’ data without their knowledge. ZTE claims its working with US network carriers to issue updates to fix the bugs. 

NetComm flaws
Two critical flaws have been found in NetComm routers. The  Cross-site Request Forgery (CSRF) and the Cross-site Scripting (XSS) flaws, if exploited, could allow attackers to hijack devices. An Information Exposure Through Directory Listing bug could also be triggered by an attacker to gain the complete index of all the resources located inside of the directory. 





  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.