Cyware Daily Threat Intelligence February 20, 2018

Bitcoin-mining malware
Scammers are launching campaigns to inject malicious scripts in various websites in order to spread Bitcoin-mining malware. Legitimate websites, like WordPress, Joomla etc., have been affected. The malicious domains associated with this spam campaign are hosted on the malicious server 212.224.118[.]40.

Coldroot RAT
Security researchers have discovered that Coldroot remote access Trojan that is going undetected by AV engines and is targeting MacOS computers. This is a cross-platform RAT, used to plant a keylogger on macOS systems older than OS High Sierra and steal victims' banking credentials. Bugs in Dell EMC platform
Nine security bugs have been spotted in Dell EMC’s Isilon OneFS platform, that could allow cyber criminals to access the Isilon systems remotely. The bugs were found in web console of the Isilon OneFS platform and made the console vulnerable to XSS flaws.

Vulnerabilities in Network Management Software
Multiple security issues were discovered in the Ipswitch WhatsUp Gold, a software that is used to analyze network traffic. A remote attacker could leverage one of the vulnerabilities— incorrect configuration of a TFTP server tagged CVE-2018-5777—to execute arbitrary commands in the server’s operating system. The other vulnerability--dubbed CVE-2018-5778--allows attackers to perform an SQL attack. Tax payers hit again
Scammers are now targeting the systems of tax payers to file phony refund requests and trick IRS (Internal Revenue Service) into refunding the bank account. Here, criminals get IRS to believe that the refund request is genuine and once refund gets initiated, into the bank accounts of the taxpayer, the criminals swindle them.

Author impersonation on Amazon
Imposters have been stealing Social Security Numbers of authors to publish fake books on Amazon and earn money in the form of royalties. Several bogus publications are currently active on Amazon under the pretense of false authors.