Go to listing page

Cyware Daily Threat Intelligence, May 06, 2022

Cyware Daily Threat Intelligence, May 06, 2022

Share Blog Post

Social media sites are no stranger to scams and nipping these threats in the bud has become challenging. In the past 24 hours, scammers were found leveraging the YouTube platform to advertise malicious sites for crypto scams. In another instance, the same platform became a lucrative channel to promote fake premium unlocked apps that ultimately led to the download of malware, or prompted users to sign up for premium services. Influencing users on Instagram were also locked out of their accounts in a new scheme that was aimed at handing over their credentials to scammers.

Two new malware—named NetDooka and Raspberry Robin—capable of compromising Windows systems and NAS devices, respectively, were also uncovered in the last 24 hours. While NetDooka RAT is distributed via a malware framework with the same name, the Raspberry Robin leverages USB drives to spread across systems.

Top Breaches Reported in the Last 24 Hours


State Bar of Georgia attacked
The State Bar of Georgia is struggling to cope with a cyberattack that crippled its network, website, and email systems. The investigation is ongoing and the organization is yet to determine whether any information was accessed in the attack.

Top Malware Reported in the Last 24 Hours


New NetDooka malware framework
A new malware framework, named NetDooka, is being distributed by PrivateLoader’s Pay-Per-Install (PPI) service. The malware framework features a loader, a dropper, a protection driver, and the powerful NetDooka RAT, enabling threat actors to take full control of devices. Researchers explain that the framework is still under development.

New Raspberry Robin malware
Raspberry Robin is a newly discovered malware strain that is often installed via USB drives. The malware, which was first observed in September 2021 and includes worm-like capabilities, is being used to compromise QNAP devices. It uses Microsoft Standard Installer (msiexec.exe) to reach out to its command-and-control (C2) servers. 

Top Vulnerabilities Reported in the Last 24 Hours


Google patches 36 flaws
Google has released patches for 36 flaws as part of its May 2022 security updates for Android. A total of 11 vulnerabilities affect Pixel devices, including two critical-severity flaws in the bootloader and the Titan-M security chip. The remaining flaws impact Kernel, Mediatek, and Qualcomm components.

Mozilla fixes Firefox vulnerabilities
Multiple vulnerabilities discovered in Firefox and Firefox Extended Support have been addressed by Mozilla. Most of these vulnerabilities could allow threat actors to launch remote code execution attacks. The flaws affect versions prior to 99 and 91.8 of Firefox and Firefox ESR, respectively.

Top Scams Reported in the Last 24 Hours


Cryptocurrency scam
McAfee identified several fake YouTube channels that advertised malicious sites that claimed to double the amount of cryptocurrency invested. The fake channels included short videos from the original live stream called ‘The B Word’ where Elon Musk, Cathie Wood, and Jack Dorsey discussed various aspects of cryptocurrency. To make it look more convincing, the fake sites include a table that is continuously updated with recent transactions.

Fake mobile app unlocker promotion scam
Researchers investigated a site that popped up in between comments on YouTube. The site offered tweaked apps to break into iPhones without having root access. These tweaked apps were promoted under the disguise of OnlyFans Premium, Netflix Premium, and Pokemon Go Spoofer Injector. Once downloaded, these apps could download malicious code, display unwanted surveys, or prompt victims to signup for availing premium services.

Instagram users locked out of their accounts
Scammers are locking users out of their Instagram accounts in a newly found scheme. They attempt to engage the targeted users in backstories, such as the infamous 419 scam, and later trick them into sharing their credentials over a link sent via SMS.

 Tags

qualcomm component
raspberry robin malware
cryptocurrency scam
pokemon go spoofer injector
instagram users
netdooka malware
fake mobile app unlocker
netflix premium

Posted on: May 06, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.