Go to listing page

Cyware Daily Threat Intelligence, February 08, 2022

Cyware Daily Threat Intelligence, February 08, 2022

Share Blog Post

Android users continue to face a blizzard of SMS phishing attacks that are now being used to deliver two powerful trojans - Medusa and Flubot. While Medusa is actively targeting users in Canada, Turkey, and the U.S., a new variant of Flubot has been found being deployed against users in Europe. So, beware of any SMS text message that prompts you to install fake versions of a DHL app or Flash Player.

In another threat, malware called SharpStage has also been modified to meet cybercriminals’ malicious intent. The SharpStage backdoor has been rebranded as NimbleMamba to target the Middle Eastern government and think tanks. Amidst these emerging threats, there’s a piece of good news for the victims affected by the TargetCompany ransomware. Avast has released a decryption utility to recover files encrypted by ransomware for free. 

Top Breaches Reported in the Last 24 Hours

Puma hit by ransomware
Data of over 6,000 Puma employees was stolen following a ransomware attack in December 2021 that hit HR management platform Ultimate Kronos Group (UKG). The theft of the data was confirmed by Kronos on January 7. In its notification, Kronos informed that the attackers had accessed its cloud-based environment before deploying the ransomware.

Top Malware Reported in the Last 24 Hours

Android trojans detected
New attack campaigns that target Android users with Flubot and Medusa trojans have been uncovered by researchers. Both the malware are distributed via SMS phishing infrastructures that prompt users to install a missed package delivery app or fake version of Flash Player. While Medusa has so far infected 1,500 devices with targets in Canada, Turkey, and the U.S., Flubot has evolved to target users across Europe.

Free decryptor for TargetCompany ransomware
Avast has released a decryption utility to recover files encrypted by TargetCompany ransomware for free. The decryptor works by cracking the password that has been appended to the encrypted files.

New NimbleMamba malware spotted
A threat actor tracked as Molerats has been associated with a new campaign that leverages a previously undocumented implant named NimbleMamba. The sophisticated attack campaign has targeted Middle Eastern governments, foreign policy think tanks, a state-affiliated airline, and a security firm. The new malware is believed to be an upgraded version of the SharpStage backdoor.

Top Vulnerabilities Reported in the Last 24 Hours

API flaw in DPD fixed
An unauthenticated API call vulnerability in DPD Group’s packaging tracking system could have been exploited to access the personally identifiable details of its clients. This could have exposed a person’s full name, email address, and mobile phone number. The issue was notified to DPD in September 2021, following which a fix was pushed in October 2021.


sharpstage backdoor

Posted on: February 08, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.