Cyware Daily Threat Intelligence December 21, 2017

GnatSpy malware
GnatSpy, a new mobile malware family, has been identified with several improvements from the earlier versions which makes this malware more modular and advanced. It now comes with new features like more receivers and services making it more capable. The new code uses Java annotations and reflection methods more often, which helps it to avoid detection and get installed in the system.

Emotet Trojan
Emotet is a banking Trojan that can steal data by eavesdropping on network traffic. It is also able to download and run additional malware on the affected system. It is commonly spread by email, both using infected attachments as well as by embedded URLs in the email that download this Trojan.

NiceHash cryptominer
Cybercriminals are using social engineering skills to install cryptocurrency miners on users’ computers. They dupe innocent users to download various types of free software which on installation, carries out the mining work without the users’ consent. Lexmark printer vulnerability
In an incident where hundreds of Lexmark printers were misconfigured, hackers could easily access the printers and control it to fulfill their malicious ambitions. The devices were open to the public internet and easily accessible to anyone because it lacked an administrative password.

VMware patched
Multiple security vulnerabilities were recently addressed by VMware for ESXi, vCSA, Workstation and Fusion products. These flaws can be exploited by the attackers for an arbitrary code execution.

vBulletin patches
Recently, vBulletin patched two earlier disclosed vulnerabilities that could be exploited by a remote attacker to execute arbitrary code and delete files from the server. Flaws fixed include patches for file inclusion and file deletion issue. Another cyberattack campaign
Recently, it has been reported that a new cyberattack campaign targeting organizations in the Middle East is unleashed. Earlier in the month, hackers likely working for a nation-state breached safety system at a critical infrastructure facility, in a watershed attack that halted plant operations in the Middle East.

EtherDelta website hacked
Users have been warned by the decentralized cryptocurrency exchange — EtherDelta — to not open the site as hackers could steal their funds. The warning came as malicious attackers gained temporarily access to @etherdelta DNS server.

WordPress site under brute force attacks
A massive brute-force campaign has targeted WordPress sites. During the attack, hackers attempted to guess admin account logins to install a Monero miner on compromised sites. Brute-force requests originated from over 10,000 unique IP addresses and targeted around 190,000 WordPress sites per hour.