Cyware Daily Threat Intelligence December 14, 2017

Crypto Monitor malware
Recently, security researchers have discovered several banking Trojan samples on Google Play, targeting Polish banks. The malware is disguised as “Crypto Monitor”, a cryptocurrency price tracking app. Remove the malicious apps by going to Application manager, searching for the malicious apps and uninstalling them.

Emotet Infostealer
In another discovery, security researchers have identified a new variant of Emotet infostealer malware — a variant of the Feodo Trojan family. The latest campaign targets various industries including manufacturing, and in the US, United Kingdom, and Canada. Users are advised to be extra vigilant with emails that contain attachments and URL links.

Chrome extension malware
A browser extension dubbed TheMovie-Hub.net Chrome Extension is being promoted as an extension that helps users’ movie watching decision. It claims to offer the latest news, trailers, and clips of the movies. However, the extension is classified as a Potentially Unwanted Program (PUP) that may lead to browser hijacking. DirecTV flaws
In a recent discovery, security researchers have detected flaws in AT&T's DirecTV wireless kit firmware. This can be exploited by malware to install hidden backdoors on the home network equipment. The devices are potential nodes to perform surveillance or man-in-the-middle attacks with any other device.

MMPE vulnerabilities
A remote code execution vulnerability existing in Microsoft Malware Protection Engine leads to memory corruption. Attackers can use specially crafted files to exploit the vulnerability and compromise a system.

PAN-OS flaws patched
A slew of updates is released for Palo Alto Networks PAN-OS security platform which had high severity flaws. These vulnerabilities can be exploited by hackers for remote code execution and command injections. School fee scam
Cyberdecider, a website which provides information about cyber insurance policy, has reported that UK schools are becoming one of the top targets of cyber-criminals. The parents receive phishing emails about the payment details for the school fees. In this way, they are deceived to click on the link shown in the email.

Political ad scam
An independent news site has observed more than a dozen politically themed advertisements are exploiting political polarization to sell products. Since the site’s launch, it is monitoring the paid political messages on the Facebook — the world’s largest social network.