Cyware Daily Threat Intelligence, March 10, 2020


It looks like malware authors are unfazed by Google Chrome’s new credential encryption. With the recent release of Chrome 80, which uses AES-256 to encrypt users’ saved cookies and passwords, the authors of four infostealers have shipped new versions that get around the new scheme rather than being locked out by it. The malware in question are Raccoon, Redline, KPot, and AZORult.

The past 24 hours also saw a new variant of the TrickBot trojan being distributed via malicious Microsoft Word documents. The new version uses several anti-analysis techniques to evade anti-virus detection while carrying out its malicious activities. Separately, security experts have reported a widespread campaign that exploits the COVID-19 outbreak: it uses a fake ‘COVID-19 detection map’ app to infect users with the AZORult trojan, which can steal a wide range of sensitive data.

Top Breaches Reported in the Last 24 Hours

ENTSO-E office network breached
The European Network of Transmission System Operators for Electricity (ENTSO-E) recently found evidence of a successful cyber intrusion into its office network. The incident compromised its IT network, but the organization confirmed that no critical control systems were affected. A risk assessment has been performed and contingency plans are now in place to reduce the risk and impact of any further attacks.

Revista Factum attacked
The website of Revista Factum has been under a prolonged DDoS attack since October 2019. The attack is part of a wider campaign to discredit the outlet.

Top Malware Reported in the Last 24 Hours

Fake Coronavirus Map app
Cybercriminals are leveraging a fake ‘Coronavirus Map’ app to trick users into handing over their usernames, passwords, credit card numbers, and other sensitive information. The campaign delivers the infamous AZORult trojan, which scrapes victims’ data and also acts as a downloader to drop additional malware. In a separate incident, Google has removed AC19, Iran’s national COVID-19 detection app, following reports that it spied on Iranian users.

njRAT returns
A group of hackers believed to be based in Vietnam has been trojanizing hacking tools with a version of the njRAT malware to trick fellow hackers and gain access to their computers. The widespread campaign aims to hijack hackers’ machines, which can later be used for anything from conducting DDoS attacks to stealing sensitive data.

A new variant of TrickBot
Researchers have analyzed a new variant of the TrickBot trojan that spreads via Microsoft Word documents. The document prompts the victim to click the ‘Enable Content’ button, which runs the embedded malicious macros; these in turn download the trojan. Besides its data-stealing abilities, the new version includes several anti-analysis techniques.
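The lure above only works because the document carries a VBA project that Word refuses to run until the user clicks ‘Enable Content’. The following triage script is an added example (not Cyware’s code and not from the TrickBot analysis summarized here): it opens an Office Open XML file as the zip container it is, reports whether a vbaProject.bin part is present, and scans that part for auto-execute procedure names and downloader-style calls. The keyword scan over the raw part is a heuristic, since real vbaProject.bin streams are OLE-compressed and a name can be split across tokens; for full decompression use oletools/olevba. The sample document is constructed in memory, with a plaintext stand-in for the compressed VBA stream.

```python
"""Static triage of Office Open XML (docx/docm/xlsm/pptm) files for VBA macros.

Added example: not from Cyware or from any vendor's TrickBot report.
"""
import io
import zipfile

# Procedure names VBA runs automatically when the document is opened or closed.
AUTOEXEC = (b"AutoOpen", b"Document_Open", b"AutoExec", b"AutoClose",
            b"Document_Close", b"Workbook_Open")
# Calls commonly used by downloader macros to fetch and launch a second stage.
SUSPICIOUS = (b"Shell", b"WScript.Shell", b"URLDownloadToFile", b"XMLHTTP",
              b"PowerShell", b"CreateObject")


def triage_ooxml(blob: bytes) -> dict:
    """Return macro indicators for an OOXML document supplied as bytes."""
    result = {"is_ooxml": False, "has_macros": False, "autoexec": [], "suspicious": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return result  # not a zip container at all, so not OOXML
    names = zf.namelist()
    result["is_ooxml"] = "[Content_Types].xml" in names
    # The VBA project lives in word/, xl/ or ppt/ depending on the application.
    macro_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    if not macro_parts:
        return result
    result["has_macros"] = True
    data = b"".join(zf.read(n) for n in macro_parts)
    # Heuristic substring scan; a compressed stream may hide some names.
    result["autoexec"] = sorted({k.decode() for k in AUTOEXEC if k in data})
    result["suspicious"] = sorted({k.decode() for k in SUSPICIOUS if k in data})
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML zip, optionally with a fake vbaProject.bin.

    The macro part here is plaintext, not a real OLE/MS-OVBA compressed stream.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin",
                        b'Sub AutoOpen()\r\n  CreateObject("WScript.Shell").Run cmd\r\nEnd Sub')
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(triage_ooxml(build_sample(flag)))
```

A document that is OOXML, has a macro part, and names an auto-execute procedure next to a Shell or CreateObject call is the shape of the TrickBot lure; a macro part with neither hit still deserves a look with olevba, because the substring scan can miss names inside compressed streams.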

Malware enhanced to overcome Chrome 80
Malware authors have upgraded four infostealers to cope with a new security feature in Google Chrome 80. Chrome 80 encrypts saved cookies and passwords with AES-256 (specifically AES-256-GCM, with the key kept in the browser’s Local State file and protected by Windows DPAPI), replacing the older scheme in which each stored value was protected with DPAPI directly. AZORult, KPot, Raccoon, and Redline have all been updated to handle the new mechanism and continue stealing the protected data.

Top Scams Reported in the Last 24 Hours

SMS-OTP phishing
A new phishing page that warns users in France of a fake Netflix service disruption is doing the rounds. The page prompts victims to enter their payment details to avoid an account lockout. The campaign targets payment cards enrolled in the 3-D Secure scheme, which was created to combat fraudulent online transactions: after collecting the card data, the scammers prompt victims to enter the SMS one-time passcode that the card issuer sends to confirm a transaction. Once a victim has submitted all their information and the OTP has been accepted, the payment data is sent to an email address controlled by the scammers.

Phishing scam uses chatbot
A new phishing scam posing as a refund notification for unused Internet and cellular services has been found targeting Russian users. The scam uses a customer-service chatbot that walks victims through a series of forms, through which the scammers collect credit card numbers and bank account information.

Sextortion scam
A sextortion scam that infects targets with the Raccoon information stealer has been identified. The emails claim to offer access to intimate pictures of a friend’s or colleague’s girlfriend, and arrive under subject lines such as "Mail belonging to your colleague has been stolen," "Private info belonging to your friend has been stolen," "Your colleague’s account was compromised," or "We have got access to your friend’s account."

Tags

fake coronavirus map app
njrat malware
sextortion scam
revista factum
trickbot trojan
fake netflix service

Posted on: March 10, 2020
