Cyware Daily Threat Intelligence February 15, 2018

CoinHoarder campaign
A Bitcoin phishing operation, called CoinHoarder, responsible for a theft of $50 million worth of cryptocurrency was discovered by Cisco researchers. Hackers used Google Adwords to manipulate users' search results and steal wallets credentials. Scammers also targeted the popular bitcoin wallet site blockchain[.]info with a client request magnitude of over 200,000 client queries.

Malicious WordPress plugins
Two rogue WordPress plugins were found that inject obfuscated JavaScript into WordPress websites. The plugins, injectbody and injectscr, generate pop-up ads whenever a visitor clicks on any part of the page. Injectbody and injectscr, share functionalities and file structures, and hide themselves from the list of active plug-ins on the WordPress dashboard.

Satori
The Satori botnet is targeting routers, cameras, and other types of Internet-connected devices into potent tools to launch cyber attacks. It often exploits unpatched firmware to infect a device. New ways to exploit chip flaws
Researchers are discovering new ways of exploiting the Meltdown and Spectre vulnerabilities. The latest exploit techniques, called MeltdownPrime and SpectrePrime, trick multi-core systems into leaking data stored across more than one processor memory cache. They utilize the timing attack techniques called Prime+Probe and Flush+Reload to exploit the cache invalidations and leak victim memory.

Microsoft Outlook bugs
The February patch released by Microsoft rolled out 50 fixes covering vulnerabilities. Two of these vulnerabilities--CVE-2018-0852 (a remote code execution vulnerability) and CVE-2018-0850 (an elevation of privilege bug)--were also targeting Outlook. Exploiting these vulnerabilities would allow hackers to exploit a flaw in Outlook’s incoming mail processing and load a local or remote message store over SMB. WhatsApp scam
A spam message is being circulated in WhatsApp, regarding free Adidas shoes. The message asks users to fill a form--asking for sensitive personal details--in order to win a free pair of Adidas shoes. The message reads: “Adidas is giving away 3,000 Free Pair of Shoes to celebrate its 93rd anniversary. Get your free shoes at: Adidas[dot]com/shoes’[dot]ils.”

Web spam notifications
Emails spams are soon going to be a thing of the past with scammers coming up with new techniques to deliver spam notifications to victims' browsers. This new method is called web notification spam and numerous malicious websites are being setup to run this tactic.