Cyware Daily Threat Intelligence, August 18, 2022

Android 13 is here, but cybercriminal groups continue to keep pace with the developers behind the new release. Security analysts have discovered a dropper app explicitly designed to defeat new security features in the latest version of Android. Staying with malware, researchers warned of a highly pervasive .NET-based crypter, dubbed DarkTortilla, that has been active since 2015 and is capable of delivering a range of payloads, from AgentTesla, NanoCore, and AsyncRat to RedLine Stealer.

Meanwhile, Apple has issued a warning to patch two security holes that are already being used to attack iPhones. Both allow arbitrary code execution: one with kernel privileges, the other via maliciously crafted web content processed by WebKit.

Top Breaches Reported in the Last 24 Hours

Argentinian agribusiness compromised
Aceitera General Deheza (AGD), an Argentinian agribusiness, revealed it detected an intrusion that resulted in some of its operations being interrupted. Officials said that the hackers demanded a significant ransom in cryptocurrencies to release the data. At the same time, the company said it had recovered all of the data from its backup system.

Top Malware Reported in the Last 24 Hours

BlackByte’s new leak site and extortion technique
BlackByte ransomware announced the release of version 2.0 of its data leak site on Twitter. Experts are unsure whether the ransomware encryptor has also been upgraded, but the site now features a new extortion technique: the victim can pay to have their data removed, while other threat actors are offered the chance to buy it.

DarkTortilla - An overlooked threat
Secureworks’ Counter Threat Unit (CTU) disclosed details about a sneaky crypter, named DarkTortilla. Active since at least August 2015, it can deliver popular information stealers and remote access trojans, including AgentTesla, AsyncRat, NanoCore, and RedLine. “Researchers often overlook DarkTortilla and focus on its main payload,” emphasized CTU.

Can BugDrop circumvent Android 13 security?
Cyber adversaries are reportedly attempting to bypass a new 'Restricted setting' security feature in Android 13. The feature, introduced by Google, blocks sideloaded applications from requesting Accessibility Service privileges. Analysts at ThreatFabric revealed that malware authors are already at work and have developed an early-stage dropper, dubbed BugDrop, to get around the protection.

Malicious apps with 2 million downloads
Bitdefender exposed 35 malicious applications on the Google Play Store that impersonate legitimate apps by altering their names and icons. Cybercriminals use these apps to bombard devices with ads, leading victims to infected websites or links that drop additional malware on their devices. The apps were downloaded nearly two million times in total.

Top Vulnerabilities Reported in the Last 24 Hours

Apple urges immediate patch
Apple released updates for a trio of operating systems fixing multiple bugs that, according to the firm, may have been actively exploited in the wild. The first issue is a kernel bug tracked as CVE-2022-32894. The second bug, CVE-2022-32893, was found in WebKit, the browser engine that powers Safari. The firm has released macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 and urges users to install the updates as soon as possible.

Posted on: August 18, 2022