Cyware Daily Threat Intelligence, January 24, 2022

Be it a large-scale or small-scale firm, cybercriminals spare no one. They are constantly on the lookout for opportunities to infect systems and pilfer data, which is likely to be used for further attacks. In a newly found threat, researchers have come across a malware packer, dubbed DTPacker, that unleashes a pack of RATs to steal information. Written in .NET, the packer is primarily distributed via phishing emails.

In another unfortunate incident, threat actors compromised 93 vulnerable WordPress themes and plugins to distribute a PHP backdoor in a sophisticated supply chain attack. The backdoor redirected visitors to malware-dropping and scam sites. A fresh update on the newly discovered WhisperGate malware reveals that it is more powerful and dangerous than the NotPetya ransomware.

Top Breaches Reported in the Last 24 Hours

Supply chain attack spotted
Researchers identified a supply chain attack in which threat actors compromised 93 vulnerable WordPress themes and plugins to distribute a PHP backdoor. The malware gave the threat actors remote control over the infected sites. According to the researchers, the backdoor was designed to redirect visitors to malware-dropping and scam sites. Updating the affected plugins and themes to the latest versions is recommended to prevent infection.

Top Malware Reported in the Last 24 Hours

DTPacker delivers malicious payloads
A new .NET malware packer named DTPacker is being used to deliver a variety of remote access trojans and infostealers, such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook. The payload decoding process uses a fixed password containing former U.S. President Donald Trump's name. One notable campaign, which lasted for weeks, used fake Liverpool Football Club (LFC) sites to lure users into downloading DTPacker.

More updates on WhisperGate malware
Researchers from Cisco Talos revealed that the WhisperGate malware is more capable than NotPetya of inflicting additional damage on targeted organizations. The newly discovered malware was recently found to have been used against at least 70 government websites in Ukraine. Cisco Talos further noted that the attackers likely had access to the targeted networks for months before causing the damage.

Top Vulnerabilities Reported in the Last 24 Hours

F5 patches vulnerable BIG-IP
Last week, F5 announced patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Thirteen of these flaws were identified as high-severity and carry a CVSS score of 7.5. The majority of them could result in the termination of the Traffic Management Microkernel (TMM). A few others can lead to increased memory resource utilization, virtual server freezes, or JavaScript code execution.

CISA updates list of actively exploited vulnerabilities
CISA has added 17 more security vulnerabilities, all of which are being actively exploited in the wild, to its 'Must Patch' list. Attackers are using them to steal information and credentials, execute malware, access networks, and more. Among the newly added vulnerabilities are CVE-2021-32648 and CVE-2021-35247.

Top Scams Reported in the Last 24 Hours

New Amazon email scam
A phishing email scam is targeting Amazon users with a fake subscription message that claims their accounts will be locked. To appear convincing, the email uses the Amazon logo. It warns users that there was a problem authorizing the payment for renewing their Prime membership because the billing information did not match the information on file with the card issuer. The email then urges recipients to take immediate action to prevent their accounts from being locked.

Tags

agent tesla rat
notpetya ransomware
formbook
dtpacker
whispergate malware
asyncrat
php backdoor

Posted on: January 24, 2022
