
Cyware Daily Threat Intelligence July 29, 2021

Cybercriminals are aggressively rebranding their malware, which serves as an indicator of more sophisticated attacks in the future. The DoppelPaymer ransomware now goes by a new name, Grief (aka Pay) ransomware, and has more than two dozen victims added to its list of targets. In a similar vein, the lesser-known Oscorp malware has evolved into the new UBEL Android botnet, which is capable of pilfering SMS messages, login credentials, and audio recordings from users’ devices.

Meanwhile, the source code of the Brunhilda malware has been reused to create a new Android malware, Vultur, which has affected between 5,000 and 8,000 users so far.

Top Breaches Reported in the Last 24 Hours

Data leaked
The personal information of British Columbians has been leaked online after a data breach at Homewood Health. The affected clients include BC Housing, Translink, and the Provincial Health Services Authority. Some of the stolen data has been put up for auction on the Marketo dark web marketplace.

Top Malware Reported in the Last 24 Hours

Oscorp evolves
The mobile malware Oscorp has evolved into the new UBEL Android botnet, which is being sold for $980 on underground forums. Its capabilities include reading and sending SMS messages, stealing audio recordings, installing and deleting applications, and amassing login credentials and two-factor authentication codes from the device.

New Vultur malware
A newly discovered Android malware, Vultur, allows threat actors to record keystrokes and steal app passwords. The malware shares similarities with the Brunhilda malware. So far, Vultur has infected between 5,000 and 8,000 users.

DoppelPaymer rebrands itself
Threat actors have rebranded DoppelPaymer ransomware as Grief (aka Pay) ransomware to expand their attack operation. DoppelPaymer had gone underground in mid-May, only to re-emerge as Grief ransomware in June. Researchers came to this conclusion after observing the tactics and techniques used by both ransomware families.

Agent Tesla spotted
New reports show that attackers are using the XAMPP web server solutions stack to host Agent Tesla and Formbook malware. The four impacted hosts were found running Windows and SMB servers.

Top Vulnerabilities Reported in the Last 24 Hours

Flawed open-source projects
Researchers have discovered nine security flaws in three open-source projects: Akaunting, EspoCRM, and Pimcore. These flaws can be abused to execute arbitrary JavaScript code, take control of operating systems, and trigger a DoS condition. 

A critical flaw in Hyper-V
A critical flaw in Microsoft Hyper-V can allow attackers to trigger a DoS condition or execute arbitrary code on systems. The flaw resides in Microsoft Hyper-V’s network switch driver. It affects Windows 10 and Windows Server 2012 through 2019. The flaw is tracked as CVE-2021-28476 and has a CVSS score of 9.9. 

Foxit addresses multiple flaws
Foxit has released security updates for its PDF Reader and PDF Editor applications to address multiple vulnerabilities. Three vulnerabilities, tracked as CVE-2021-21831, CVE-2021-21870, and CVE-2021-21893, can lead to remote code execution attacks. The other vulnerabilities addressed are related to use-after-free issues.

RCE flaw in Moodle platform
A critical RCE vulnerability affecting the popular e-learning platform Moodle can be abused to allow access to students’ data and test papers. The flaw resides in Moodle’s Shibboleth authentication module and has now been patched.

Vulnerable IP cameras
IP cameras sold by a dozen vendors are vulnerable to remote attacks due to a slew of serious and high-severity flaws affecting UDP Technology firmware. Eleven of these flaws are remote code execution issues and one is an authentication bypass vulnerability. Attackers can abuse the vulnerabilities to take complete control of cameras.

Posted on: July 29, 2021