Cyware Daily Threat Intelligence, January 15, 2021


Phishers keep refining their evasion techniques. In one recent campaign they have started leveraging remotely hosted images to bypass email filters: instead of embedding the lure image in the message, the email carries only a reference to an image on a remote web server. Researchers explain that, unlike an embedded image, a remote image is fetched from the host website only when the recipient opens the message, so a filter that scans the message as delivered never inspects the image content.

Furthermore, a new and unusual phishing kit that leverages a QR code has been found targeting customers of a Brazilian bank. To convince the victim, the attacker uses a fake diagnostic page that pretends to be from Banco Itau Empresas.

Top Malware Reported in the Last 24 Hours

An undocumented Chinese malware
Researchers have disclosed a series of attacks using previously undocumented malware against firms in Hong Kong and Russia. The campaign has been attributed to the Chinese threat actor Winnti, also tracked as APT41.

Unique phishing kit disclosed
A phishing kit with a QR code embedded in its landing page has been found hosted on a website. The kit currently targets Banco Itau Empresas customers in Brazil. To convince the victim, the attacker uses a fake diagnostic page that pretends to check whether the victim has the Banco Itau Empresas app installed for secure access to their banking account.

Google removes 164 Android apps
Google has removed 164 Android apps from its official Play Store for showing out-of-context ads, that is, ads displayed outside the app itself. Most of these apps mimicked more popular apps, copying both functionality and names from established apps in order to garner quick downloads. Together they had been downloaded more than 10 million times.

Phishers leverage remotely hosted images
Phishers are leveraging remotely hosted images as their latest trick to bypass email filters. Researchers explain that, unlike embedded images, which a filter can scan as part of the message, remote images are fetched from the hosting server only when the recipient opens the message, so security solutions that inspect the delivered message never see the image content that carries the lure.
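As an added example (not code from the original briefing or from the researchers cited), the following Python script implements the kind of check a mail gateway or triage script could apply to catch this trick: it parses the HTML body of a message, collects the `<img>` sources, and flags a message that loads remote (http/https) images but carries almost no visible text. Inline `cid:` attachments and `data:` URIs are not treated as remote, since the filter can already see their content. The two sample messages, the host names and the 120-character text threshold are constructed for illustration and are not taken from the campaign.

```python
"""Flag e-mails whose HTML body relies on remotely hosted images.

Heuristic: a phishing mail that moves its lure into a remote image leaves
a body with almost no visible text and one or more <img> tags whose src
points at an external host. This is an illustrative check, not a
reproduction of any vendor's filter.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ImgScanner(HTMLParser):
    """Collect <img src> values and the visible text of an HTML body."""

    def __init__(self):
        super().__init__()
        self.img_srcs = []
        self.text_chunks = []
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.img_srcs.append(src.strip())
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:  # script/style bodies are not visible text
            self.text_chunks.append(data)


def is_remote(src: str) -> bool:
    """True for http(s):// and protocol-relative (//host/...) image sources.

    cid: (inline attachment) and data: URIs are embedded in the message
    itself, so the filter already sees their content.
    """
    if src.startswith("//"):
        return True
    return urlparse(src).scheme.lower() in ("http", "https")


def analyse_html(html: str) -> dict:
    """Return remote image URLs, their hosts and the visible text length."""
    scanner = _ImgScanner()
    scanner.feed(html)
    scanner.close()
    remote = [s for s in scanner.img_srcs if is_remote(s)]
    hosts = {urlparse("http:" + s if s.startswith("//") else s).hostname for s in remote}
    visible = " ".join("".join(scanner.text_chunks).split())
    return {
        "remote_images": remote,
        "remote_hosts": sorted(h for h in hosts if h),
        "visible_text_chars": len(visible),
    }


def score_message(raw: bytes, min_text_chars: int = 120) -> dict:
    """Parse a raw RFC 822 message and flag image-only remote-image bodies."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return {"suspicious": False, "reason": "no HTML part"}
    result = analyse_html(html_part.get_content())
    result["suspicious"] = bool(result["remote_images"]) and (
        result["visible_text_chars"] < min_text_chars
    )
    return result


# Constructed sample: the whole lure is one remote image wrapped in a link.
SAMPLE_PHISH = b"""From: "Account Team" <notice@example.net>
To: victim@example.com
Subject: Action required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://example.net/login"><img src="http://img.example.net/notice.png" width="600"></a>
</body></html>
"""

# Constructed sample: a normal newsletter with an inline (cid:) logo and real text.
SAMPLE_LEGIT = b"""From: "Newsletter" <news@example.org>
To: reader@example.com
Subject: March update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo42">
<p>Hello reader, here is our monthly update. We shipped the new reporting
dashboard, fixed the export bug several of you reported, and scheduled the
next maintenance window for the last weekend of the month. Thanks for reading.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, score_message(raw))
```

The threshold and the "no visible text" condition are what keep this from flagging every marketing mail with a hosted banner; in production you would combine the signal with sender reputation and the host names of the remote images rather than act on it alone.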

Top Vulnerabilities Reported in the Last 24 Hours

XSS flaw in Apache Velocity Tools
A Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools, tracked as CVE-2020-13959, could be exploited against sites that use the library, including government sites such as NASA's. The flaw exists in how the VelocityViewServlet view class renders error pages.

Flawed F5 BIG-IP Systems
A vulnerability in a BIG-IP product from F5 Networks, tracked as CVE-2020-27716, could be abused to launch remote denial-of-service (DoS) attacks. The flaw lies in the component named Traffic Management Microkernel (TMM).

Top Scams Reported in the Last 24 Hours

Cryptocurrency giveaway scam
Threat actors are hijacking verified Twitter accounts in an ongoing Elon Musk cryptocurrency giveaway scam. In 2018, scammers raised $180,000 through such scams. In the current campaign, the attackers appear to target dormant verified accounts so that the takeover goes unnoticed by the account owners. Wallet addresses collected from the scam landing pages show that the threat actors have received $587,000 in bitcoin.



Posted on: January 15, 2021
