Cyware Daily Threat Intelligence December 19, 2017

TelegramRAT
Recently, a new remote access trojan, called TelegramRAT is found to be using cloud-based tools to evade traditional security scanners that cannot inspect SSL or provide cloud application-level traffic inspection. The RAT uses Dropbox as its payload and a Bit.ly redirection to hide the payload. Telegram Messenger is used for command and control.

Loapi malware
A new strain of malware targeting Android phones is capable of performing malicious activities from mining cryptocurrencies to launching DDoS attacks. It can perform many more malicious functions that can cause the battery to bulge and destroy the phone within two days.

Work ransomware
In another discovery, Work Ransomware Trojan is found to be a crypto-threat that was announced to the public some time back. Phishing emails carrying macro-enabled documents and logos of trusted companies deliver the Work Ransomware payload to unsuspecting users. TensorFlow vulnerability
Security researchers have found a significant security loophole in Google’s machine-learning platform TensorFlow. This exposes programmers to malicious attack when editing codes using the platform. If the design professionals use the vulnerable component when coding a robot, the hacker can control the robot through that loophole.

Pilot App vetting project flaws
In another discovery, a pilot project launched by the Department of Homeland Security, (DHS), discovered critical flaws in 18 mobile applications used by public safety officials. The department’s Science and Technology Directorate tested how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities.

Microsoft Office vulnerability
A remote code execution vulnerability was discovered in Microsoft Office which is being exploited in wild. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. South Korean exchange breached
A South Korean exchange trading Bitcoin and other virtual currencies, named Youbit, declared itself bankrupt recently after being hacked for the second time this year. This shows the risk over cryptocurrencies as they soar in popularity. Youbit has filed for bankruptcy after losing 17% of its asset in the cyber-attack.

Australian health records leaked
In a startling incident, private health records of millions of Australians have been unwittingly exposed by the Department of Health. The records include potential information of various patients — ranging from HIV medicated person to politicians and sportspersons undergoing treatments.