
Cyware Daily Threat Intelligence, March 19, 2021


The hide-and-seek game between security experts and threat actors is becoming more complicated as the latter continue to refine their evasion techniques. Shedding light on this aspect, researchers have demonstrated a new steganography technique that makes use of PNG files posted on Twitter. Threat actors can exploit the method to hide their nefarious activities while delivering malicious payloads in the form of ZIP and MP3 files.

Users of major service providers, including Amazon, Google, Apple, and Facebook, are now being targeted by the new CopperStealer malware, which shares similarities with the SilentFade malware. The malware is capable of harvesting passwords and cookies from affected accounts. In other news, an ongoing, highly sophisticated phishing campaign that targets C-suite executives and financial departments has been found to be active since December 2020.

Top Malware Reported in the Last 24 Hours

OnionCrypter gets popular
Researchers have discovered that more than 30 hacker groups have been using a malware crypter dubbed OnionCrypter. Written in C++, the crypter uses three layers of encryption. Known malware that has used OnionCrypter includes Lokibot, Zeus, AgentTesla, and Smokeloader.

New CopperStealer malware
CopperStealer is an actively developed password and cookie stealer that targets the users of major service providers including Google, Facebook, Amazon, and Apple. The threat actors behind the malware are using compromised accounts to run malicious ads and deliver additional malware in subsequent malvertising campaigns. CopperStealer's targeting and delivery methods are similar to those of the SilentFade malware.

Top Vulnerabilities Reported in the Last 24 Hours

Vulnerable travel apps
Around 20 popular travel apps are at risk of exposing data due to several misconfiguration issues. These are mainly booking and ride-sharing apps. The data that could be exposed includes bank account numbers, phone numbers, home addresses, credit card details, healthcare data, and dates of birth.

New steganography method
Security researchers have discovered a new type of steganography technique that involves hiding data inside a PNG image file posted on Twitter. Threat actors can exploit the method to obscure their nefarious activities on social media platforms.

Cisco issues fixes
Cisco has issued fixes for a vulnerability in the RV132W ADSL2 Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN routers. The flaw (CVE-2021-1287) could allow attackers to execute code or restart affected devices unexpectedly. It stems from an issue in the routers’ web-based management interface.

Top Scams Reported in the Last 24 Hours

Tesco impersonated
Police in Wales issued a warning about a new phone scam in which fraudsters are impersonating supermarket giant Tesco. Victims have reported receiving calls that inform them that an order with Tesco has been placed and that £350 (~$487) will be debited from their account. The ultimate purpose of the scam is to pilfer personal and bank details from users.

Phishing campaign
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, assistants, and financial departments across numerous industries. In this campaign, which began in early December 2020, threat actors are leveraging phishing kits and a number of sophisticated methods at every step of the attack.


Posted on: March 19, 2021

