Cyware Daily Threat Intelligence July 16, 2018

New X-Agent variant
Security researchers have uncovered a new variant of the X-Agent malware. The previous variant was a mac malware, however, the new version affects Windows systems. X-Agent is the work of ATP28, which is tied to the Russian intelligence service (GRU). The new variant is written in Delphi and is capable of downloading a second stage payload from the internet and executing it.

Compromised JavaScript delivers cryptominer
Security researchers have discovered that a compromised JavaScript file that contains an additional code to deliver a cryptomining malware. Although the same extra code is also used in numerous other websites, no other malicious incidents were observed.

DanaBot malware targets Australia
A new campaign that leverages compromised FTP servers to distribute phishing emails containing FTP links has been found targets in Australia with fake MYOB invoices. The FTP links drop the DanaBot banking malware, which has recently been observed in multiple campaigns, specifically targeting Australians.  Linux Kernel Image flaws
A vulnerability was discovered in the Linux Kernel, which exists in the fs/f2fs/inode.c source code file. The flaw could allow hackers to cause a denial of service (DoS) condition. The bug could be exploited by mounting and performing operations on a modified F2FS image on a targeted system. Users are advised to update to the latest firmware version of the software to fix the issue. 

cURL buffer overflow bug
Security researchers have uncovered a high severity flaw in the  Curl_smtp_escape_eob function of cURL. The heap-based buffer overflow flaw could allow attackers to remotely execute arbitrary code and cause a denial of service DoS condition. Patches are available for this flaw. It is highly recommended that users update to the latest version of curl.

Libgit2 Integer overflow bug
A bug was discovered in the git_delta_apply function of libgit2, which causes an integer overflow condition. The flaw could allow hackers to bypass bounds checks, which, in turn, could allow them to gain cause a denial of service (DoS) condition and access sensitive data. Users are advised to update to the latest version.