Cyware Daily Threat Intelligence, February 18, 2021

Cybercriminals have your businesses in their crosshairs. They are now after the latest generation Mac devices powered by ARM-based M1 chips. For this, a custom-made malware called GoSearch22, distributed in the form of an extension, is being used.

A two-year-long cryptojacking operation launched by the WatchDog botnet has also grabbed the attention of researchers. The attackers had used 33 different exploits to target 32 vulnerabilities in Drupal, Elasticsearch, Redis, SQL Server, ThinkPHP, Oracle WebLogic, and 

Spring Data Commons.

And, the list continues with the unraveling of a new variant of Masslogger trojan that steals Microsoft Outlook, Google Chrome, and Messenger service account details.

Singtel has revealed that 129,000 customers were impacted by a recently disclosed breach. This also includes some employees, partners, and corporate customers. The incident occurred after the malicious party gained access to a legacy file-sharing system used by the customers of the organization.

A new report from the White House has revealed that the SolarWinds hack had breached almost 100 U.S. companies, making them potential targets for follow-up attacks. These firms were using the tainted Orion product from SolarWinds.

Vulnerabilities in the PACS system had left patient data at risk of unauthorized access for more than a year. Names, birth dates, types of image procedures, and study numbers of about 100,000 patients were available from July 2019 to December 2020.

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang. Following the attack, the gang has demanded a ransom of $20 million to decrypt files and not leak them online. The attack has affected the company’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites.

A Safari adware extension called GoSearch22 is the first-ever malware designed to target Macs powered by ARM-based M1 chips. Distributed as an extension, the adware is a variant of the Pirrit advertising malware. The malware is capable of collecting browser data and serves a large number of ads, such as banners and popups.

Researchers have tracked a cryptojacking campaign that was active for almost two years and involved the use of the WatchDog botnet. The operators had used 33 different exploits to target 32 vulnerabilities in Drupal, Elasticsearch, Redis, SQL Server, ThinkPHP, Oracle WebLogic, and 

Spring Data Commons.

A new variant of the Masslogger trojan is being used in attacks aimed at stealing Microsoft Outlook, Google Chrome, and Messenger service account details. The campaign is currently focused on victims in Turkey, Latvia, Spain, Bulgaria, Hungary, Estonia, Romania, and Italy.

Four flaws discovered in the Ninja Forms WordPress plugin can allow attackers to perform site takeover, install arbitrary add-ons, redirect site owners to malicious destinations, and hijack emails. The owner of the plugin has patched all four bugs in version 3.4.34.1.