Cyware Daily Threat Intelligence May 01, 2018

GravityRAT
Developers of the GravityRAT have made changes to the trojan, to make it undetectable by antivirus protection systems. Researchers have been tracking this malware with the latest “G2” version spotted two weeks ago. The trojan has been updated to treat modern hardware that doesn't return heat readings as VMs.

FacexWorm steals Bitcoin
Researchers have identified a Bitcoin-hijacking Chrome extension, dubbed FacexWorm. This malware is distributing itself through malicious Facebook Messenger messages. FacexWorm has been designed to only attack Chrome. Users are advised not to click on unsolicited or suspicious messages to stay safe. Windows 10 zero-day flaw
Google Project Zero researchers have published a report disclosing a Windows 10 zero-day vulnerability that can be leveraged to bypass Windows Lockdown Policy. This flaw affects all Windows 10 versions with UMCI enabled. A proof of concept code for the vulnerability has also been released by the security researchers.

Multiple flaws in IBM i
Several security vulnerabilities have been discovered in IBM i middleware components including OpenSSL, DHCP, and Java products. The vulnerabilities include two DHCP flaws, two new OpenSSL vulnerabilities, and 19 Java SE flaws. Updates have been released containing patches to these issues.

Bug identified in fiber routers
An authentication bypass vulnerability has been detected in fiber routers, that can be remotely exploited by modifying the URL in the browser's address bar. Routers vulnerable to this flaw are located on the Telmex network in Mexico, Kazakhstan and Vietnam. The bug lets anyone bypass the router's login page and access pages within. Payment systems targeted
The payment systems of three Mexican banks have been allegedly targeted by hackers. Mexico’s central bank is investigating the case. As per investigations conducted so far, the SPEI infrastructure was not breached. The central bank has also warned that bank payment transfers might slow down as a result.

Leominster schools pay $10K ransom
An unknown hacker has taken over computer systems of schools in the city of Leominster, Massachusetts, using a ransomware attack. The schools were forced to pay thousands of dollars in ransom. As per investigation, the hackers likely found their way into the school department’s computers through an open port.