Go to listing page

Cyware Daily Threat Intelligence, February 22, 2022

Cyware Daily Threat Intelligence, February 22, 2022

Share Blog Post

The sophistication of mobile malware attacks has taken a front seat in the threat landscape as a staggering 100,000 new mobile banking trojans were detected in 2021. Unfortunately, the situation continues to be grim as researchers detect the new Xenomorph banking trojan targeting Android users. The malware has infected over 50,000 devices across Spain, Portugal, Italy, and Belgium.

Moving on to other threats, a new version of CryptBot is infecting gamers who are falling for pirated software sites offering a free download of games. Additionally, attackers are actively scanning ports for vulnerable MS-SQL servers in an attempt to deploy Cobalt Strike Beacon.

Top Breaches Reported in the Last 24 Hours

Meyer discloses data breach
Cookware and bakeware distribution giant Meyer Corporation disclosed a data breach that affected the personal information of its employees in the U.S. The impacted information includes names, addresses, birth dates, gender, driver’s license, passport numbers, health insurance details, medical information, and Social Security numbers of individuals. The incident was discovered in October 2021.

New supply chain attack discovered
A new supply chain attack, which goes by the codename of Operation Cache Panda, is underway since November 2021. Attributed to the APT10 threat actor group, the campaign targets Taiwan’s financial sector by leveraging a vulnerability in a security software solution. The attackers also made use of credential stuffing attacks as a cover to evade detection and reflective code loading to run malicious code on local systems. Attackers installed a version of the Quasar RAT as part of the attack.

Expeditors International affected
American logistic and freight forwarding company, Expeditors International, was hit by a cyberattack that impacted most of its operations. The attack had impacted the ability to arrange freight shipments or manage customs and distribution activities for customers’ shipments. The company has hired experts to recover from the attack.

Top Malware Reported in the Last 24 Hours

New version of CryptBot spotted
A new version of CryptBot infostealer was found being distributed via pirated software sites that offered free downloads for games and pro-grade software. The operators behind the malware leverage SEO poisoning attacks to increase the visibility of these sites. The malware is capable of stealing browser credentials, cookies, browser history, cryptocurrency wallets, and credit card details.

Xenomorph trojan discovered
A new banking trojan called Xenomorph has infected more than 50,000 Android devices. The trojan was distributed via Google Play Store in the form of fake performance-boosting apps. The trojan is designed to steal sensitive banking details, take control of users’ accounts, and initiate unauthorized transactions.

Top Vulnerabilities Reported in the Last 24 Hours

Another out-of-band patch issued
Adobe has issued an out-of-band patch for a flaw—CVE-2022-24087—that arises due to improper patching of CVE-2022-24086. The emergency patch was released after researchers managed to bypass the previous security patch issued for Magento Open Source and Adobe Commerce. The new flaw, described as an improper input validation vulnerability, has a CVSS score of 9.8.

Vulnerable MS-SQL servers targeted
Attackers are targeting vulnerable MS-SQL servers in an attempt to distribute Cobalt Strike. These vulnerable servers are exploited through brute force and dictionary attacks. In one of the intrusions observed by researchers, attackers were found scanning port 1433 to check for exposed MS SQL servers.

Top Scams Reported in the Last 24 Hours

New phishing tactic
A new phishing technique deciphered by researchers can allow attackers to launch malicious code into a victim’s browser, plant a keylogger, and eavesdrop on users’ activities. The method bypasses the 2FA authentication protocol and can be executed via specially-crafted email that includes a link. Once clicked, it redirects users to a malicious web page.

 Tags

keylogger
xenomorph banking trojan
vulnerable ms sql servers
cryptbot
operation cache panda

Posted on: February 22, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.