Go to listing page

Cyware Daily Threat Intelligence August 18, 2021

Cyware Daily Threat Intelligence August 18, 2021

Share Blog Post

With cryptocurrencies spreading across the business world, cybercrime has become a real threat. In the past 24 hours, researchers have witnessed several cryptocurrency mining campaigns that were launched via a newly discovered HolesWarm botnet and various fake mobile apps.

In other news, the infamous Ursnif trojan was spotted in a new campaign that leveraged CAPTCHA prompts to trick users. Meanwhile, IT and communication companies in Israel were at the center of a supply chain attack campaign launched by the Siamesekitten threat actor group. The attacks leveraged fake LinkedIn profiles to target victims.

Top Breaches Reported in the Last 24 Hours

T-Mobile confirms attacks
T-Mobile has confirmed that approximately 40 million prospective customers have been affected by a recent data breach. The attackers stole customers’ personal information and subscription details. However, the telco claims that no financial information was compromised in the breach.

Siamesekitten APT targets Israel companies
Iranian APT group Siamesekitten has been associated with multiple attack campaigns that targeted IT and communication companies in Israel. The attacks, which were launched between May and July, leveraged fake LinkedIn profiles to deliver malware.

New discovery in Conti’s intrusion tactic
An interesting tactic used by the Conti ransomware affiliates has come to light following the leak of the training material on the internet. It has been found that a legitimate Atera remote access software is being used as a backdoor for continued persistence. Among the other tactics discovered, the adversaries look for specific keywords to target insurance and banking institutions.

Credential stuffing attacks
The FBI has warned about the rise in credential stuffing attacks against grocery and food delivery services that drain user funds through fraudulent orders. For this, the hackers are using credentials obtained through breaches.

Top Malware Reported in the Last 24 Hours

Ursnif attack campaign
A malware campaign using a clever CAPTCHA prompt tricks users into downloading the Ursnif trojan. One of the distribution methods shared by researchers involves the use of fake YouTube videos.

HolesWarm botnet
Researchers claim that the HolesWarm botnet has compromised more than 1,000 cloud hosts since June. The botnet includes exploits for 20 vulnerabilities affecting Linux and Windows servers. It uses infected systems to mine Monero cryptocurrency.

Fake cryptocurrency apps
Several mobile apps masquerading as cryptocurrency mining apps were discovered tricking victims into watching ads and paying subscription fees in cryptocurrency for fake services. The fake apps were tracked under the names AndroidOS_FakeMinerPay and AndroidOS_FakeMinerAd.

New BlueLight malware
A newly discovered watering hole attack that lasted until early June 2021, exploited two browser vulnerabilities to deploy the Cobalt Strike beacon that ultimately distributed a new malware strain named BlueLight. The attack was launched on one of the most popular North Korean-themed news sites, Daily NK.

Top Vulnerabilities Reported in the Last 24 Hours 

Adobe issues patches
Adobe has issued security patches for critical vulnerabilities affecting its popular Photoshop image manipulation software. The flaws are related to memory corruption issues and have a CVSS score of 7.8. Adobe has also pushed multiple patches for remote code execution vulnerabilities affecting its XMP Toolkit SDK.

New update on BadAlloc flaw
Some older versions of BlackBerry’s QNX operating system are affected by the BadAlloc flaw that can allow hackers to gain control of certain cars, medical devices, and industrial devices. Furthermore, the flaw can lead to arbitrary code execution and denial of service attacks. BlackBerry has released software updates to patch the vulnerabilities.?


t mobile usa
ursnif trojan
bluelight malware
siamesekitten apt
badalloc flaw
credential stuffing attacks

Posted on: August 18, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.