Hailing from the ZeusVm family, the Chthonic banking trojan spreads through phishing campaigns that deliver Word documents with malicious ‘exe’ code embedded in them. The malware is designed mainly to exploit the CVE-2014-1761 flaw. After infecting a system, the Chthonic banking trojan collects data stored on the local system.
A new ransomware, named SynAck, has been spotted using the Doppelgänging technique to escape antivirus detection. The technique leverages NTFS transactions to launch a malicious process from the transacted file. After infecting a system, the ransomware collects computer and user names, OS version info, a unique infection ID, a session private key and some random data.
Backdoor removed from npm
The npm registry unpublished a backdoor and three other packages. The backdoor masqueraded as a cookie parsing library named getcookies. The package containing the potential backdoor was found in the express-cookies and http-fetch-cookies modules, and in the popular mailparser package, which depends on http-fetch-cookies.
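To check whether a project pulled in any of the packages named above, the following added example (not code from npm or from the original post) walks a `package-lock.json` dependency tree and reports each chain from a root-level package to the first flagged one. The sample lockfile, its `0.0.0` versions and the `http-fetch-cookies` to `getcookies` edge are constructed for illustration.

```javascript
// Package names taken from the advisory text above.
const FLAGGED = new Set(["getcookies", "express-cookies", "http-fetch-cookies"]);

// Walk a lockfileVersion 1 tree, recording name -> Set(required names).
function collectEdges(deps, edges = new Map()) {
  for (const [name, entry] of Object.entries(deps || {})) {
    if (!edges.has(name)) edges.set(name, new Set());
    for (const req of Object.keys(entry.requires || {})) edges.get(name).add(req);
    collectEdges(entry.dependencies, edges); // nested node_modules entries
  }
  return edges;
}

// Return chains from each root-level package (one nothing else requires)
// down to the first flagged package reached on that chain.
function findFlaggedChains(lock) {
  const edges = collectEdges(lock.dependencies);
  const chains = [];
  const walk = (name, path) => {
    if (path.includes(name)) return; // guard against dependency cycles
    const next = [...path, name];
    if (FLAGGED.has(name)) { chains.push(next.join(" > ")); return; }
    for (const req of edges.get(name) || []) walk(req, next);
  };
  const required = new Set([...edges.values()].flatMap((s) => [...s]));
  for (const name of edges.keys()) if (!required.has(name)) walk(name, []);
  return chains.sort();
}

// Constructed sample lockfile; versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    express: { version: "0.0.0", requires: { cookie: "0.0.0" } },
    cookie: { version: "0.0.0" },
    mailparser: {
      version: "0.0.0",
      requires: { "http-fetch-cookies": "0.0.0" },
      dependencies: {
        "http-fetch-cookies": { version: "0.0.0", requires: { getcookies: "0.0.0" } },
        getcookies: { version: "0.0.0" },
      },
    },
  },
};

console.log(findFlaggedChains(sampleLock));
```

The graph is built by package name only, so two installed versions of the same package are treated as one node.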
Posted on: May 07, 2018