Cyware Daily Threat Intelligence January 16, 2018

MaMi malware
A malware that targets Mac OS X users, named MaMi, has been found. It is a rehash of an old Windows DNS hijacker. MaMi is capable of DNS hijacking, capturing screenshots, simulate mouse events, upload/download files, and execute arbitrary code.

RubyMiner
A new strain of cryptocurrency miner, dubbed RubyMiner, was discovered by security researchers. The malware was found to be affecting outdated web servers. Attackers spread this malware by hiding it in robots.txt files. Here, hackers clear all the cron jobs and add malicious cron job which downloads a script, that installs modified version of the legitimate XMRig Monero miner application. Flaw in BitTorrent
Google's Project Zero researchers found a critical flaw in Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. By exploiting this vulnerability, attackers can command Transmission to download a Torrent called ".bashrc" which would automatically be executed the next time the user opened a bash shell.

Several vulnerabilities in Phoenix Contact
A series of security flaws have been found in Phoenix Contact’s FL Switch industrial Ethernet switches. These are authentication bypass and information exposure flaws. One of these flaws (CVE-2017-16743) has been assigned a CVSS score of 9.8, adding it in the “critical severity” category.

SCADA App Vulnerabilities
It has been found that mobile apps used by SCADA Industrial Control Systems, have 147 security vulnerabilities. The test has been done on 34 ICS apps from Google Play. Of these mobile apps, 32 of them lacked root or code protection, 20 had poor authorization, 20 implemented insecure data storage, and 18 lacked obfuscation.