Cyware Daily Threat Intelligence March 27, 2018

Top Malware Reported in the Last 24 Hours
jRAT hides under a Qrypter-as-a-service cloak
jRAT, a Java-based cross-platform Remote Access Trojan (RAT), is being circulated via spam. The Trojan is capable of capturing keystrokes, exfiltrating credentials, taking screenshots and accessing a webcam. The Qrypter service is used to download jRAT on target machines.

GoScanSSH malware
A new malware family, called GoScanSSH, has been discovered by security experts. The malware is being used to compromise SSH servers exposed to the internet by using credential brute-forcing attacks. Interestingly, the malware doesn't infect government and military servers.

Slingshot malware
Earlier this month, Kaspersky Labs uncovered a malware campaign that was working as an active counter-terrorism operation. The campaign was active in various African and Middle Eastern countries. Slingshot infects targets with advanced spyware by leveraging compromised routers and Windows exploits. The spyware is capable of providing kernel-level access to screenshots, keyboard activity, network data, USB connections, desktop activity, personal information and more.

Top Vulnerabilities Reported in the Last 24 Hours
macOS flaw exposes passwords
A security vulnerability in macOS was found to reveal, in plain text, the passwords used for encrypted APFS external drives. The bug affects macOS 10.13.1 and can also be found in macOS 10.13.3. No information is available on how Apple is planning to address this bug.

4G network flaws
Mobile networks are investigating a major security flaw recently found in 4G networks. Exploiting this flaw will allow hackers to hijack phone numbers and send spoofed calls and texts. These spoofed calls and texts are designed to trick victims into sharing personal information.

CVE-2018-4878 Flash flaw exploited
A watering hole attack has been discovered by security researchers, exploiting the CVE-2018-4878 Flash vulnerability. The attack was launched on a leading Hong Kong Telecom website. North Korean hackers have been exploiting the Flash vulnerability since November 2017.

Top Breaches Reported in the Last 24 Hours
UK Anti-Doping agency hit
Recent reports revealed that the UK Anti-Doping agency (UKAD) was hit by a cyber attack, putting sensitive information on athletes’ drug tests and medical records at risk. The Russian hacker group Fancy Bears is suspected to be behind the attack. This group had previously hacked the World Anti-Doping Agency’s athlete management database and the US Anti-Doping Agency.

GSA’s website
GSA’s central contractor website fell victim to a fraud scam. A third-party source altered the financial information of some contractors who are registered on the SAM[.]gov portal. This is the third time that the portal has failed to secure user information. During the breach, the financial institutions' bank account information was replaced.


