A new family of Android RATs (Remote Access Trojans) has been discovered by security researchers. Dubbed HeroRat, the trojan has been abusing the Telegram protocol for command and control and data exfiltration. The malware spreads through third-party app stores, social media and messaging apps.
A new trojan, dubbed Betabot, has been spreading through a multi-stage attack. The trojan uses malicious Office documents to exploit CVE-2017-11882. Even though this bug was patched by Microsoft in late 2017, several systems are still vulnerable to it. The trojan uses several obfuscation techniques, including posing as a legitimate app, to trick users.
A new attack method, using malicious Word documents and PowerShell scripts, has been discovered by security experts at Trend Micro. The MuddyWater cyberespionage campaign is used to gather browsing history, exfiltrate passwords, read and write files, log keystrokes, and capture screenshots.
An authentication weakness impacting Google Home and Chromecast devices has been discovered. Google is going to release a patch for this weakness by mid-July 2018. Until then, users are advised to isolate their IoT devices by using a multi-router solution.
RCE Flaw in Microsoft COM for Windows
A remote code execution (RCE) flaw has been identified in Microsoft COM for Windows. By exploiting this vulnerability, hackers can use a specially crafted file or script to perform actions. The flaw is caused when Microsoft COM fails to properly handle serialized objects. A security patch has already been made available for this flaw.
UCMDB server vulnerable
A potential vulnerability, tracked as CVE-2018-6497, has been identified in UCMDB Server. The flaw affects Universal CMDB Server; DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0, and CMS Server 2018.05. Third-party security patches are made available for this issue.
Posted on: June 19, 2018