Go to listing page

Cyware Daily Threat Intelligence, June 03, 2021

Cyware Daily Threat Intelligence, June 03, 2021

Share Blog Post

Trojans are causing mayhem. Threat actors are now abusing Google ads to display malicious ads related to AnyDesk, Dropbox, and Telegram apps to distribute a series of trojans that include Redline Stealer, Taurus, Tesla, and Amadey. These ads are found to target specific IP addresses in the U.S. and some other countries.

The last 24 hours also witnessed the discovery of a new version of the Necro Python botnet that targets Linux-based and Windows operating systems. The botnet has added new exploits and mining capabilities to its arsenal.

A new APT group has also come under the lens of researchers. The group, named SharpPanda, has been associated with an ongoing spear-phishing campaign that delivers a new backdoor via RoyalRoad RTF exploit kit.

Top Breaches Reported in the Last 24 Hours

AMT Games accidentally leaks data
AMT Games has accidentally leaked profiles of nearly six million players associated with the Battle for the Galaxy game due to an unprotected Elasticsearch database. The database contained 1.5TB of data. including IDs, usernames, and countries of players.

DDoS-Guard’s data on a sale
A misconfigured database belonging to a bulletproof hosting provider DDoS-Guard has been put on sale on a cybercrime forum. The database contains information such as names, IP addresses, and payment information of the customers. The seller is currently auctioning the entire set at a starting price of $350,000.

Ransomware attack impact
The ticketing system at the Massachusetts Steamship Authority remains offline due to a  ransomware attack that occurred on June 2. However, the company revealed that the issue has not affected the safety of the vessel operations and GPS functionality.

Spear-phishing campaign
An ongoing spear-phishing campaign associated with the China-based SharpPanda APT group has been uncovered by researchers. The campaign targets the Ministry of Foreign Affairs in a Southeast Asia country using an unknown backdoor that is distributed via a document embedded with RoyalRoad RTF exploit kit.

Scripps Health notifies people
Scripps Health is notifying more than 147,000 people about a cyberattack that exposed their personal data. The compromised data included health information, social security numbers, driver's license numbers, and financial information.

Audio House hacked
Electronics retailer Audio House may have had its data stolen in a hack that is suspected to be the work of the Altdos threat actors who attacked Vhive. The group had gained unauthorized access to the servers of the company.

REvil blamed for the attack
The FBI has held the REvil ransomware group responsible for the attacks on JBS Foods firm. The attack had impacted multiple production plants of the company worldwide, including facilities located in the U.S., Australia, and Canada.

Top Malware Reported in the Last 24 Hours

Trojan mayhem
Threat actors have been found poisoning Google ads with malicious packages of AnyDesk, Dropbox, and Telegram apps to distribute a variety of trojans. The trojans are identified as Redline, Taurus, Tesla, and Amadey. These malicious ads target specific IP ranges in the U.S. and some other countries.

Necro Python bot updated
Attackers behind the Necro Python botnet have updated the capabilities of the bot by adding new exploits and mining abilities. The botnet targets Linux-based and Windows operating systems. The bot hides its presence on the system by installing a user-mode rootkit.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable Realtek RTL8170C
A new set of critical vulnerabilities disclosed in the Realtek RTL8170C Wi-Fi module can be exploited to gain elevated privileges on a device and hijack wireless communications. The flaws affect all embedded and IoT devices that use the module. Some of these vulnerabilities are tracked as CVE-2020-27301, CVE-2020-27302, and CVE-2020-9395. The company has patched the flaws by releasing updated firmware versions.

Privilege escalation flaw in USB dongles
A privilege escalation vulnerability identified in Huawei’s USB LTE dongle model E3372 can enable anyone with admin access to obtain a higher level of access or gain improper permissions to shared files.

Cisco details about SMB vulnerabilities
Cisco has released the details about seven SMB-related vulnerabilities patched recently by Apple in its macOS operating system. These flaws exist in SMBX server components and can be exploited by sending specially crafted packets to the targeted server.


royalroad rtf exploit kit
redline stealer
amadey trojan
taurus stealer

Posted on: June 03, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.