Go to listing page

Cyware Daily Threat Intelligence, December 24, 2021

Cyware Daily Threat Intelligence, December 24, 2021

Share Blog Post

The holiday season is here. Let's ensure that the guards on our systems remain intact during this vulnerable time. In the past 24 hours, threat actors have put a new spin on the Babuk ransomware strain by unfolding a new malware dubbed Rook. Since its first appearance on November 30th, the ransomware has claimed its first attack on a Kazakh financial institution by stealing 1123GB of data.

Meanwhile, the exploitation of Telegram has reaped benefits for operators behind the Echelon infostealer recently. The malware, which made a comeback after a long period, was used to steal crypto wallet credentials from Telegram users. On a lighter note, even Spider-Man fans are also being targeted in a Monero mining attack that uses fake movie sites as a lure.

Top Breaches Reported in the Last 24 Hours

Pro Wrestling Tees affected
Pro Wrestling Tees has disclosed a data breach that affected the financial details of 31,000 of its customers. Threat actors had likely used a skimmer malware to steal credit card details along with full names and matching CVV codes.

Top Malware Reported in the Last 24 Hours

New Rook ransomware strain
Researchers have uncovered a new ransomware strain dubbed Rook. It borrows source code from Babuk and has claimed its first attack on a Kazakh financial organization. The gang has reportedly published 1123GB of stolen data on its website. It is primarily delivered via a third-party framework such as Cobalt Strike.

Echelon malware returns
Attackers are targeting crypto wallets of Telegram users in a new espionage campaign delivering Echelon infostealer. The malware is propagated via the Telegram handle ‘Smokes Night.’ It is capable of stealing credentials from multiple messaging and file-sharing platforms such as Discord, Edge, FileZilla, OpenVPN, and Outlook.

New cryptomining campaign
A new Monero mining campaign is taking advantage of the global buzz around the release of ‘Spider-Man: No Way Home’ movie to mine Monero cryptocurrency. Threat actors are luring users with fake movie files that can be downloaded from a Russian torrent website.

CoinSpot targeted
A new phishing campaign targeting the CoinSpot cryptocurrency exchange allowed attackers to steal 2FA codes from users. The emails were sent via a Yahoo address and asked recipients to confirm or cancel a withdrawal transaction. The email body also included details of the transaction amount to add legitimacy to the attack.

Blister malware attack campaign
Threat actors distributing the Blister malware have added a new evasion technique to their attack campaigns. They have disguised the malicious code using valid code-signing certificates to prevent security checks. The campaign has been active since September 15.

Top Vulnerabilities Reported in the Last 24 Hours

Flywheel vulnerable to a flaw
A subdomain takeover vulnerability affecting the Flywheel WordPress hosting platform can allow attackers to wreak havoc by impersonating legitimate websites. The flaw exists due to misconfiguration issues in the platform. As a mitigation measure, end users are urged to audit DNS records.

Apple address a bypass flaw
Apple has addressed a macOS flaw that could have allowed unauthorized apps to circumvent security checks. The flaw, tracked as CVE-2021-30853, has been addressed in macOS 11.6 update.


monero mining campaign
blister malware
echelon infostealer
coinspot cryptocurrency exchange
babuk ransomware strain
rook ransomware

Posted on: December 24, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.