
Cyware Daily Threat Intelligence, February 18, 2021


Cybercriminals have your businesses in their crosshairs. They are now after the latest-generation Mac devices powered by ARM-based M1 chips, using custom-made malware called GoSearch22 that is distributed in the form of an extension.

A two-year-long cryptojacking operation launched by the WatchDog botnet has also grabbed the attention of researchers. The attackers had used 33 different exploits to target 32 vulnerabilities in Drupal, Elasticsearch, Redis, SQL Server, ThinkPHP, Oracle WebLogic, and Spring Data Commons.

The list continues with the discovery of a new variant of the Masslogger trojan that steals Microsoft Outlook, Google Chrome, and Messenger service account details.

Top Breaches Reported in the Last 24 Hours

Singtel’s customers impacted
Singtel has revealed that 129,000 customers were impacted by a recently disclosed breach. This also includes some employees, partners, and corporate customers. The incident occurred after the malicious party gained access to a legacy file-sharing system used by the customers of the organization.

SolarWinds attack hit 100 firms
A new report from the White House has revealed that the SolarWinds hack had breached almost 100 U.S. companies, making them potential targets for follow-up attacks. These firms were using the tainted Orion product from SolarWinds.

Faulty PACS system
Vulnerabilities in the PACS system had left patient data at risk of unauthorized access for more than a year. Names, birth dates, types of image procedures, and study numbers of about 100,000 patients were available from July 2019 to December 2020.

$20 million ransom for KIA Motors
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang. Following the attack, the gang has demanded a ransom of $20 million to decrypt files and not leak them online. The attack has affected the company’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites.

Top Malware Reported in the Last 24 Hours

GoSearch22 adware
A Safari adware extension called GoSearch22 is the first-ever malware designed to target Macs powered by ARM-based M1 chips. Distributed as an extension, the adware is a variant of the Pirrit advertising malware. The malware is capable of collecting browser data and serves a large number of ads, such as banners and popups.

WatchDog botnet
Researchers have tracked a cryptojacking campaign that was active for almost two years and involved the use of the WatchDog botnet. The operators had used 33 different exploits to target 32 vulnerabilities in Drupal, Elasticsearch, Redis, SQL Server, ThinkPHP, Oracle WebLogic, and Spring Data Commons.

New Masslogger trojan strain
A new variant of the Masslogger trojan is being used in attacks aimed at stealing Microsoft Outlook, Google Chrome, and Messenger service account details. The campaign is currently focused on victims in Turkey, Latvia, Spain, Bulgaria, Hungary, Estonia, Romania, and Italy.

Top Vulnerabilities Reported in the Last 24 Hours

Buggy Ninja Forms plugin
Four flaws discovered in the Ninja Forms WordPress plugin can allow attackers to perform site takeover, install arbitrary add-ons, redirect site owners to malicious destinations, and hijack emails. The owner of the plugin has patched all four bugs in version 3.4.34.1.


Posted on: February 18, 2021

