Cyware Daily Threat Intelligence July 03, 2018

SmokeLoader malware
A new version of the SmokeLoader malware has been discovered by security researchers from Cisco Talos. This new version has been seen using the PROPagate Injection technique for the first time. The campaign uses malicious email attachments to spread. This Word document has a macro embedded.

Malware in Fortnite cheating app
A new malware that has been used to launch Man-in-the-Middle (MitM) attacks has been discovered in Fortnite cheating apps. These apps provide the software that allows players to cheat at the game. The app, now removed, had over 78,000 downloads and it may be hosted in multiple locations.

Nozelesn ransomware
A ransomware, that encrypts a user's files and appends the .nozelesn extension, has been discovered targeting Poland. Once infecting a system, it creates a a ransom note that contains instructions on how to login to a TOR payment server at lyasuvlsarvrlyxz[.]onion to receive instructions. Facebook bug
A vulnerability has been detected in Facebook that affected more than 800,000 users. The bug allowed blocked users to check published posts and also send messages through Messenger. The bug was reportedly active between May 29 and June 5. Facebook fixed the issue.

Authentication bypass bug in Dell
A new flaw, tracked as CVE-2018-11052, has been discovered affecting Dell EMC ECS versions 3.2.0.0 and 3.2.0.1. This authentication bypass flaw can potentially be exploited by malicious users to compromise the affected ECS system. Customers are advised to apply the patch by opening a Dell EMC ECS service request.

DeepLink Element in Windows 10
An infection vector has been discovered by researchers that allows attackers to embed a specially-crafted settings file into an Office document. Thus attackers can trick a user to run malicious code without any further warning or notification. This allows shell command execution via a file open step.