Cyware Daily Threat Intelligence, August 28, 2020


Malware authors are constantly evolving existing malware to launch catastrophic attacks worldwide. A new variant of Lemon_Duck cryptomining malware that is capable of infecting Linux systems has come to light in the last 24 hours. The variant includes an exploit for the SMBGhost flaw affecting Windows systems and is capable of targeting servers running Redis and Hadoop instances.

Additionally, a new Anubis info-stealing trojan was spotted in the wild. The trojan, which borrows its code from Loki malware, is capable of stealing system information.

Researchers also demonstrated a new attack technique that can enable attackers to make fraudulent purchases using contactless VISA cards. The attack relies on a tool called Tamarin, developed by the researchers.

Top Breaches Reported in the Last 24 Hours

NCR Corporation attacked
NCR Corporation was infected by the Lethic trojan, which is capable of remote access, lateral movement, and downloading additional payloads. The incident poses a potential supply chain risk to the customers associated with the popular point-of-sale and ATM software developer.

Valley Health Systems affected
Valley Health Systems has been attacked by REvil ransomware. Following the attack, the healthcare organization lost information related to its clients, employees, and patients.

Top Malware Reported in the Last 24 Hours

New Variant of Lemon_Duck malware
A new variant of Lemon_Duck cryptomining malware has been found targeting Linux machines via SSH brute force attacks. The new variant also exploits an SMBGhost bug in Windows systems and is able to target servers running Redis and Hadoop instances. To survive system reboots, the new variant gains persistence by adding a cron job.

New Anubis trojan
Microsoft has detected a new piece of malware, called Anubis, in the wild. It draws code from Loki malware. The malware is designed to steal information from infected Windows systems.

Top Vulnerabilities Reported in the Last 24 Hours

New attack technique
Researchers have discovered an attack technique that can be used to bypass PIN codes for VISA contactless payments. The attack can be executed using four components: two Android phones, a special app called Tamarin, and a VISA contactless card. If abused in the real world, the attack can allow criminals to make fraudulent purchases by impersonating the owner.


Posted on: August 28, 2020
