Cyware Daily Threat Intelligence, May 09, 2022

Days after a warning from the FBI, the U.S. saw its first ransomware attack on the agricultural sector in 2022. The attack targeted agricultural equipment giant AGCO and disrupted its business operations. In another update, researchers report an uptick in credit card skimming attacks as a new skimmer-as-a-service, named Caramel, grows in popularity.

A powerful and ever-evolving trojan that offers complete backdoor access to Windows systems is also being sold on underground forums for as little as $5. Tracked as DCRat (also known as DarkCrystal RAT), the malware comes equipped with a wide range of information-stealing abilities.

Top Breaches Reported in the Last 24 Hours

AGCO hit
Agricultural equipment giant AGCO was forced to halt its business operations after it fell victim to a ransomware attack last week. The firm is still investigating the extent of the attack. In parallel, it has begun the recovery process to reinstate the affected facilities and systems. 

Top Malware Reported in the Last 24 Hours

New Caramel skimmer-as-a-service
A new credit card stealing service, called Caramel, is growing in popularity. Operated by a Russian cybercrime organization named ‘CaramelCorp,’ the skimmer-as-a-service lets even low-skilled threat actors get started with financial fraud. The skimmer steals credit card details from compromised checkout pages and sends them to remote servers, where the threat actors collect them.

Jester info-stealer attacks
CERT-UA has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems. The phishing emails carry the subject line ‘chemical attack’ and contain a link to a macro-enabled Microsoft Excel file. 

DCRat on sale
Malware authors have been found selling a powerful trojan named DCRat on underground forums. The malware, which is still being redesigned, comes equipped with a variety of information-stealing abilities. It can steal usernames, passwords, credit card details, browser history, Telegram login credentials, Steam accounts, Discord tokens, and more. 

Top Vulnerabilities Reported in the Last 24 Hours

RubyGems fixes a critical flaw
RubyGems has addressed a critical vulnerability that could have allowed any user on the site to remove and replace certain Ruby gems. Tracked as CVE-2022-29176, the vulnerability affects the ‘yank’ action. An unauthorized user could replace a yanked gem with a malicious one that has the same name and version number but a different platform.

Exploit for RCE flaw
Security researchers claim to have created an exploit for a recently disclosed RCE flaw affecting F5 Networks’ BIG-IP family of networking devices and modules. The flaw, tracked as CVE-2022-1388, could enable attackers to execute commands on a vulnerable device with elevated privileges. It has a CVSS score of 9.8.

Posted on: May 09, 2022