Go to listing page

Cyware Daily Threat Intelligence, July 14, 2022

Cyware Daily Threat Intelligence, July 14, 2022

Share Blog Post

Several government organizations and universities are caught in the crosshairs of disparate spear-phishing campaigns. Launched across the globe, the campaigns are active since 2021 and are attributed to different threat actor groups. A variety of trojans such as AsyncRAT, LimeRAT, CrimsonRAT, and ObliqueRAT are being used to exfiltrate sensitive data from victims’ systems. In parallel, Ukrainians also fell victim to a spear-phishing attack that distributed GuLoader malware.

A new ransomware dubbed Lilith has joined the bandwagon of ransomware families supporting double extortion tactics. To start with, the attackers have posted the name of their first victim on their data leak site. Lastly, a new Android malware has infected over 3 million users by masquerading as utility apps.

Top Breaches Reported in the Last 24 Hours

1.9 million patient records exposed
Professional Finance Company recently disclosed a ransomware attack that impacted the private data of around 1.9 million people associated with hundreds of U.S. hospitals, medical clinics, and dental firms. The debt collecting firm revealed that the criminals were able to access files from more than 650 healthcare providers.

Deakin University affected
A data breach at Deakin University impacted the data of almost 47,000 current and past students. The university disclosed that the attackers had leveraged the credentials of a single staff member to access information held by a third-party provider and to forward messages prepared by the university to students via SMS. 

Top Malware Reported in the Last 24 Hours

New Autolycos malware
A new Android malware family named Autolycos was discovered in at least eight Android applications, two of which are still available on the Google Play Store. So far, the malware has infected over 3 million users and is capable of harvesting data from mobile devices.

New Lilith ransomware emerges
A new ransomware family dubbed Lilith has emerged in the threat landscape. It has already posted its first victim on a data leak site created to support double-extortion attacks. The ransomware appends the .lilith extension when encrypting files. 

AsyncRAT targets government agencies
A large-scale spear-phishing campaign that distributes AsyncRAT and LimeRAT has been active since 2021. The campaign uses geopolitical themes to target government agencies in Afghanistan, India, Italy, Poland, and the U.S. Once the trojan is installed, it establishes communication with C2 server to exfiltrate victim data. 

CrimsonRAT targets Indian students 
Transparent Tribe APT is using CrimsonRAT and ObliqueRAT to target universities and colleges in India. The campaign has been ongoing since December 2021 and uses spear-phishing emails as the primary attack vector.

GuLoader malware spotted
A coffee company in Ukraine was targeted by GuLoader malware in a spear-phishing attack. The ultimate goal of the campaign was to deploy additional malware on targeted Windows machines. Previously, the malware loader was used to deploy Agent Tesla, Formbook, and LokiBot.

Top Vulnerabilities Reported in the Last 24 Hours

Adobe releases updates
Adobe has released security updates for Acrobat and Reader, RoboHelp, Photoshop, and Animator products. An attacker can exploit some of these vulnerabilities to take control of affected systems. These flaws are tracked as CVE-2022-23201, CVE-2022-34243, CVE-2022-34244, CVE-2022-34241, and CVE-2022-34242.

SAP issues patches
SAP has announced patches for several vulnerabilities affecting its products. The most severe of these is tracked as CVE-2022-35228 and impacts the central management console of the BusinessObjects business intelligence platform. Other affected products include the Business One NetWeaver Enterprise portal.

VMware addressed a flaw
VMware has addressed an eight-month-old high-severity privilege escalation flaw, tracked as CVE-2021-22048. The flaw can be exploited to gain non-administrative access to vulnerable vCenter server deployments and elevate privileges to the administrator level.

Top Scams Reported in the Last 24 Hours

WhatsApp users tricked
A fake version of WhatsApp is tricking unsuspecting users into sharing their personal information. The victims are promised new features as a lure to install the app. The users are warned to be aware of such tricks and to download the app from legitimate stores.


asyncrat malware
obliquerat malware
lilith ransomware
whatsapp scam
autolycos malware
deakin university

Posted on: July 14, 2022

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.