
Cyware Daily Threat Intelligence, January 13, 2022

The hide-and-seek game between security experts and threat actors keeps getting more complicated as the latter adopt new tactics, and the last 24 hours brought several such developments. OceanLotus, aka the APT32 hacking group, has refined its evasion technique and is now using web archive files to deploy backdoors. In another instance, the relatively dormant TellYouThePass ransomware has re-emerged rewritten in Go, making it easier for its operators to target a wider range of operating systems, including macOS and Linux.

That’s not all! The Magniber ransomware was also spotted infecting systems through fake Chrome and Edge browser updates delivered as Windows application package files signed with valid certificates. Because the signatures are valid, Windows treats the packages as trusted and raises no warning.

Top Breaches Reported in the Last 24 Hours

TransCredit suffers a data breach
A misconfigured database owned by TransCredit exposed 822,789 records of users in the U.S. and Canada. The data included full names, payment history, email addresses, Tax ID numbers, Social Security Numbers (SSNs), Employer Identification Numbers (EINs), and banking information. The exposure was discovered in September 2021.

OceanLotus improves its evasion tactic
To evade detection, the OceanLotus threat actor group is now using the web archive file format to deploy backdoors on compromised systems. The attack chain starts with a RAR archive containing a 35–65 MB web archive file that embeds a malicious Word document; the unusually large file size is itself likely an evasion measure, since many scanners skip files above a size limit.
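A triage check for the chain described above, written for this briefing as an added example (it is not code from Cyware or from any vendor report on OceanLotus): it parses a web archive as MHTML, which is the MIME multipart/related layout that browsers and Word produce for "web archive" files, and flags any part whose declared content type or magic bytes indicate an embedded Word document, regardless of the extension the part claims. The size threshold and the sample archive are constructed for illustration and are assumptions, not values from the report.

```python
"""Triage helper for web archive (.mht/.mhtml) files that embed an Office document.

Added example for this briefing; not code from Cyware or from any vendor report on
OceanLotus. Assumes the web archive is MHTML (MIME multipart/related). The size
threshold and the sample file below are constructed for illustration.
"""
import base64
import email
from email import policy
from typing import Optional

# Declared content types that mean "this part is a Word document".
OFFICE_CONTENT_TYPES = {
    "application/msword",
    "application/vnd.ms-word.document.macroenabled.12",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file: legacy .doc
ZIP_MAGIC = b"PK\x03\x04"                        # .docx is a zip container

# Assumption: archives padded beyond this size deserve a second look, because many
# scanners skip files above a size limit. Tune to your environment.
SIZE_THRESHOLD_MB = 30


def classify_part(content_type: str, payload: bytes) -> Optional[str]:
    """Return a reason string if the part looks like an embedded Word document."""
    if content_type in OFFICE_CONTENT_TYPES:
        return f"declared Office content type {content_type}"
    if payload.startswith(OLE_MAGIC):
        return "OLE2 compound-file magic (legacy .doc) despite declared type"
    if payload.startswith(ZIP_MAGIC) and b"word/" in payload:
        return "zip container with word/ entries (.docx) despite declared type"
    return None


def triage_web_archive(data: bytes, size_threshold_mb: int = SIZE_THRESHOLD_MB) -> dict:
    """Parse an MHTML archive; report embedded Office parts and oversized archives."""
    msg = email.message_from_bytes(data, policy=policy.default)
    parts = 0
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        parts += 1
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""  # undoes base64/quoted-printable
        reason = classify_part(ctype, payload)
        if reason:
            findings.append({
                "location": str(part.get("Content-Location", "<none>")),
                "declared_type": ctype,
                "size": len(payload),
                "reason": reason,
            })
    return {
        "parts": parts,
        "oversized": len(data) > size_threshold_mb * 1024 * 1024,
        "embedded_office": findings,
        "suspicious": bool(findings),
    }


def build_sample_archive(include_office: bool = True) -> bytes:
    """Constructed MHTML sample (not a real OceanLotus file): an HTML lure plus,
    optionally, an OLE2 blob disguised as a GIF image part."""
    boundary = "----=_Part_01"
    body = (
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/related; boundary="{boundary}"\r\n'
        "\r\n"
        f"--{boundary}\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "Content-Location: file:///C:/report.html\r\n"
        "\r\n"
        "<html><body>Enable editing to view this document.</body></html>\r\n"
    )
    if include_office:
        blob = OLE_MAGIC + b"\x00" * 64  # header only; a real .doc would follow
        body += (
            f"--{boundary}\r\n"
            "Content-Type: image/gif\r\n"
            "Content-Transfer-Encoding: base64\r\n"
            "Content-Location: file:///C:/report_files/image001.gif\r\n"
            "\r\n"
            f"{base64.b64encode(blob).decode()}\r\n"
        )
    body += f"--{boundary}--\r\n"
    return body.encode()


if __name__ == "__main__":
    import json
    print(json.dumps(triage_web_archive(build_sample_archive()), indent=2))
```

The point of checking magic bytes rather than the declared content type is that the archive author controls the MIME headers; a part labelled `image/gif` that begins with the OLE2 signature is exactly the mismatch a scanner keyed on content type would miss. Run the same function over the extracted contents of the RAR, and treat an oversized archive with an embedded Office part as a strong signal rather than a verdict.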

Take over of FIFA 22 accounts
Cybercriminals are using social engineering to take over accounts of players of the Electronic Arts video game FIFA 22. So far, fewer than 50 accounts are known to have been affected.

Top Malware Reported in the Last 24 Hours

TellYouThePass ransomware revamped
The TellYouThePass ransomware has been rewritten in Go (Golang), letting its operators build binaries for multiple operating systems, including macOS and Linux, from the same codebase. The ransomware was spotted exploiting the Log4Shell vulnerability last month.

Magniber ransomware spotted
The Magniber ransomware used Windows application package files signed with valid certificates to infect systems. As part of the infection chain, victims were lured to a website that pretended to offer updates for the Chrome and Edge web browsers. A valid signature only proves who signed a package, not that it is safe, so allowlisting expected publishers rather than trusting any validly signed package is the practical defense.

Top Vulnerabilities Reported in the Last 24 Hours

Apple fixes DoorLock vulnerability
Apple has rolled out software updates for iOS and iPadOS (15.2.1) to fix the DoorLock vulnerability, which can be used for denial-of-service attacks. Tracked as CVE-2022-22588, the flaw exists in HomeKit, the framework that connects smart home accessories to iOS applications. It can be triggered by a maliciously crafted, extremely long HomeKit accessory name, and because accessory names sync via iCloud, the crash can recur on every device signed in to the same account.

Microsoft to fix an RCE flaw
Microsoft is working on a security patch for an RCE vulnerability in Microsoft Office for Mac. Tracked as CVE-2022-21840, the flaw can be exploited to execute malicious code on vulnerable systems. Meanwhile, the firm has already issued security updates addressing the same flaw for Office on Windows.


Tags: oceanlotus apt32, doorlock vulnerability, tellyouthepass ransomware, magniber ransomware

Posted on: January 13, 2022
