Cyware Daily Threat Intelligence December 11, 2017

Top Malware Reported in the Last 24 Hours
Napoleon ransomware
This file-encrypting ransomware, earlier known as Blind, has recently been seen appending a .napoleon extension to the files it encrypts. The new build also carries some further changes and a bug fix, and that fix closes the weakness that had allowed victims to decrypt their files without paying. Once running on a host, the ransomware checks the privileges it was launched with; if they are sufficient, it deletes the volume shadow copies, which removes the easiest local recovery path.
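One way to catch the shadow-copy deletion step in process-creation telemetry, as an added example that is not from the Cyware page or from any vendor tooling: the page does not say which command Napoleon runs, so the patterns cover the usual ways ransomware removes shadow copies, and the log lines (Sysmon-style key=value fields, made-up paths, the made-up parent process napoleon.exe) are constructed here. The function names are mine.

```python
"""Added example, not from the Cyware page: flag shadow-copy deletion in
process-creation log lines. The page does not say which command Napoleon runs,
so the patterns cover the usual ways ransomware removes shadow copies.
SAMPLE_LOG is constructed (Sysmon-style key=value fields, made-up paths and
the made-up parent 'napoleon.exe')."""
import re

# (rule name, pattern applied to the CommandLine field)
SHADOW_DELETE_PATTERNS = [
    ("vssadmin delete shadows",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin delete catalog",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("Win32_ShadowCopy .Delete()",
     re.compile(r"win32_shadowcopy.*\.delete\(", re.I)),
]

# key=value pairs; values are double-quoted when they contain spaces
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

ELEVATED_LEVELS = {"High", "System"}


def parse_event(line):
    """Turn one key=value log line into a dict, stripping value quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def find_shadow_copy_deletion(lines):
    """Return one hit per matching event: rule, parent process, command line,
    and whether the process ran elevated, which is the condition under which
    the page says Napoleon performs the deletion."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        cmd = ev.get("CommandLine", "")
        for rule, pat in SHADOW_DELETE_PATTERNS:
            if pat.search(cmd):
                hits.append({
                    "rule": rule,
                    "parent": ev.get("ParentImage", "?"),
                    "elevated": ev.get("IntegrityLevel") in ELEVATED_LEVELS,
                    "cmd": cmd,
                })
                break
    return hits


# Constructed sample: three deletions from the ransomware, one benign
# 'list shadows' from an admin shell, one unrelated backup agent.
SAMPLE_LOG = [
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" '
    'CommandLine="vssadmin.exe delete shadows /all /quiet" '
    'ParentImage="C:\\Users\\bob\\AppData\\Roaming\\napoleon.exe" IntegrityLevel=High',
    'EventID=1 Image="C:\\Windows\\System32\\vssadmin.exe" '
    'CommandLine="vssadmin.exe list shadows" '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" IntegrityLevel=High',
    'EventID=1 Image="C:\\Windows\\System32\\wbem\\WMIC.exe" '
    'CommandLine="wmic shadowcopy delete" '
    'ParentImage="C:\\Users\\bob\\AppData\\Roaming\\napoleon.exe" IntegrityLevel=High',
    'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'CommandLine="powershell -c Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }" '
    'ParentImage="C:\\Users\\bob\\AppData\\Roaming\\napoleon.exe" IntegrityLevel=High',
    'EventID=1 Image="C:\\Program Files\\Backup\\agent.exe" '
    'CommandLine="agent.exe --snapshot" '
    'ParentImage="C:\\Windows\\System32\\services.exe" IntegrityLevel=System',
]

if __name__ == "__main__":
    for h in find_shadow_copy_deletion(SAMPLE_LOG):
        print(h["rule"], "|", h["parent"], "| elevated:", h["elevated"])
```

The `elevated` field matters because the page describes the deletion as conditional on privileges: a hit with a high integrity level from a process under a user profile path is the pattern worth paging on, while `vssadmin list shadows` from an admin shell is deliberately left unflagged.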

Esif.exe CPU miner
Esif.exe CPU Miner is classified as a Potentially Unwanted Program (PUP), and a tampered build of it is being found on compromised machines. The miner performs the intensive calculations used to verify transactions for the cryptocurrency Bitcoin (BTC); on an infected host it does so for the attacker's benefit, so the symptom to look for is sustained high CPU load with no matching user activity.

Java file extension ransomware
The .java file-extension ransomware is a modified build of the Dharma family. The code changes are minimal, but the payload ships in new packaging and with new IP addresses and contact email accounts. It is delivered through macro-enabled documents that lure unsuspecting users into enabling a weaponized macro script.

Top Vulnerabilities Reported in the Last 24 Hours
Android vulnerability
The Android vulnerability known as Janus (CVE-2017-13156) lets attackers modify the code of an Android app without invalidating its signature, so a malicious update can be pushed for a legitimate app and accepted as genuine. The root cause is that the v1 (JAR) signature scheme only covers the entries inside the APK zip archive, while a file that begins with a DEX header is treated as DEX before the zip structure is consulted, so attacker code can be prepended to a signed APK. Apps signed with the APK Signature Scheme v2, which hashes the whole file, are not affected, and Google addressed the issue in the December 2017 Android security bulletin. An attacker who exploits it can obtain sensitive information, execute arbitrary code, or gain elevated privileges.
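The structural property behind Janus, shown as an added example that is not part of the Cyware page or of Android: a zip parser locates the central directory from the end of the file and tolerates prepended bytes, so a "DEX first, APK after" hybrid still yields exactly the same entries and entry digests that a v1 signature covers. The sample archive is constructed here with dummy META-INF files, the "DEX payload" is just the magic number plus padding, and the function names (`build_sample_apk`, `prepend_dex`, `entry_digests`, `is_janus_suspect`) are mine.

```python
"""Added example, not from the Cyware page or from Android: why a zip-based APK
can carry a prepended DEX file without disturbing its v1 (JAR) signature, and a
check that flags such hybrids. The sample archive is constructed here; the DEX
payload is a magic number plus padding, not a real DEX file."""
import hashlib
import io
import zipfile

DEX_MAGIC = b"dex\n035\0"          # magic of a DEX file, format version 035
ZIP_LOCAL_HEADER = b"PK\x03\x04"   # first bytes of an ordinary zip/APK


def build_sample_apk() -> bytes:
    """Construct a minimal stand-in for a signed APK: classes.dex plus the
    three META-INF files a v1 signer emits (contents are dummies)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", DEX_MAGIC + b"\0" * 64)
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\n")
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82")  # placeholder, not real DER
    return buf.getvalue()


def prepend_dex(apk: bytes, dex_payload: bytes) -> bytes:
    """The Janus layout: attacker-controlled DEX first, untouched APK after it.
    A DEX loader reads from offset 0; a zip parser finds the central directory
    from the end of the file, so each sees 'its' file."""
    return dex_payload + apk


def zip_entry_names(blob: bytes) -> list:
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return sorted(zf.namelist())


def entry_digests(blob: bytes) -> dict:
    """SHA-256 of every entry, which is all a v1 (JAR) signature covers.
    Bytes outside the entries, such as a prepended DEX, are not included."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def is_janus_suspect(blob: bytes) -> bool:
    """True when the file parses as a zip but does not begin with a zip local
    file header, i.e. something was prepended. DEX magic at offset 0 is the
    Janus case; any other prefix on an APK still deserves a look."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            zf.namelist()
    except zipfile.BadZipFile:
        return False  # not a zip at all, out of scope for this check
    return not blob.startswith(ZIP_LOCAL_HEADER)


def starts_with_dex(blob: bytes) -> bool:
    return blob.startswith(DEX_MAGIC)


if __name__ == "__main__":
    clean = build_sample_apk()
    hybrid = prepend_dex(clean, DEX_MAGIC + b"\0" * 96)
    print("same entries:", zip_entry_names(clean) == zip_entry_names(hybrid))
    print("same entry digests:", entry_digests(clean) == entry_digests(hybrid))
    print("clean flagged:", is_janus_suspect(clean))
    print("hybrid flagged:", is_janus_suspect(hybrid), "dex at offset 0:", starts_with_dex(hybrid))
```

The check is deliberately cheap: a real APK is expected to start with a local file header, so any file that a zip library accepts but that starts with something else has extra bytes in front of the archive. A v2 signature would reject the hybrid outright because it hashes the whole file; the check above is for inventories of apps still relying on v1.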

Internet security alert
The 'Internet Security Alert! Code: 055BCCAC9FEC' pop-up windows are not legitimate security warnings from Microsoft, despite their appearance. The alert claims that a virus is present on the system and displays a 'Windows Technical Support' phone number to call; the number does not belong to Microsoft. The pop-ups are generated by browser extensions promoted through untrusted domains, so removing the extension, not calling the number, is the remedy.

OpenSSL read/write error
The flaw lies in the "error state" mechanism introduced in OpenSSL 1.0.2b. The mechanism is designed to trigger an immediate failure if an application attempts to continue a handshake after a fatal error has occurred. It works as intended for the explicit handshake calls (SSL_do_handshake(), SSL_accept(), SSL_connect()), but not when SSL_read() or SSL_write() is called directly on the same SSL object after the failed handshake: those calls then succeed, and application data is passed straight to or from the record layer without being encrypted or decrypted. The issue is tracked as CVE-2017-3737 and fixed in OpenSSL 1.0.2n; the 1.1.0 branch is not affected. Applications that drive the handshake implicitly through SSL_read()/SSL_write() should upgrade, and in any case should stop using an SSL object once any call on it has returned a fatal error.
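A version triage helper, added here as an example that is not from the Cyware page or from the OpenSSL project: it parses an OpenSSL version banner and reports whether it falls in the affected range. The range (1.0.2b through 1.0.2m affected, 1.0.2n fixed, 1.1.0 unaffected) comes from the OpenSSL advisory for CVE-2017-3737, not from this page; the function names are mine.

```python
"""Added example, not from the Cyware page or from OpenSSL: classify an OpenSSL
version banner against the range affected by the error-state bug
(CVE-2017-3737). Affected range per the OpenSSL advisory: 1.0.2b..1.0.2m;
fixed in 1.0.2n; 1.1.0 not affected."""
import re
import ssl

# major.minor.fix followed by an optional patch letter, e.g. "1.0.2k"
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """'OpenSSL 1.0.2k-fips  26 Jan 2017' -> (1, 0, 2, 'k'); None if no version
    is present. An empty letter means the base release (e.g. plain 1.0.2)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter


def _letter_key(letter):
    # OpenSSL patch letters sort a < b < ... < z < za < zb, so order by
    # length first, then alphabetically.
    return (len(letter), letter)


def affected_by_error_state_bug(text):
    """True for 1.0.2b..1.0.2m, False for any other release, None if the
    banner cannot be parsed."""
    v = parse_openssl_version(text)
    if v is None:
        return None
    major, minor, fix, letter = v
    if (major, minor, fix) != (1, 0, 2):
        return False
    return _letter_key("b") <= _letter_key(letter) <= _letter_key("m")


def running_library_status():
    """Banner and verdict for the OpenSSL this Python's ssl module links to."""
    return ssl.OPENSSL_VERSION, affected_by_error_state_bug(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    banner, verdict = running_library_status()
    print(banner, "->", "AFFECTED" if verdict else "not affected" if verdict is False else "unknown")
```

The version check is only half the fix. Independently of the library version, code that calls SSL_read()/SSL_write() straight after creating the object should first call SSL_do_handshake() (or SSL_connect()/SSL_accept()) and treat any fatal return as the end of that SSL object's life; that discipline makes the bug unreachable even on an unpatched 1.0.2.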


