Cyware Daily Threat Intelligence, May 13, 2020

Share Blog Post

Microsoft has fixed 123 vulnerabilities in its latest round of Patch Tuesday. This is the third month in a row that the number of addressed CVEs has exceeded a century. Although there are no zero-day flaws, sixteen of these flaws are rated as ‘Critical’. The affected products include Microsoft’s SharePoint, Color Management Module, Office Excel, and Graphics component in Windows 7 and Server 2008. Meanwhile, Adobe has also released updates for 36 vulnerabilities affecting a variety of its products such as Acrobat, Reader, and DNG Software Development Kit (SDK).

Details about thousands of malicious apps designed to spy on users also came to light in the past 24 hours. In one incident, researchers reported that more than 4,000 Android apps using Google’s Firebase databases were leaking sensitive data of their users. In other news, a total of 813 stalkerware apps, meant for stalking and defrauding, were discarded from Google’s Play Store.

Top Breaches Reported in the Last 24 Hours

Leaky Android apps
Over 4,000 Android apps that use Google’s cloud-hosted Firebase databases have been found leaking sensitive information of their users, including their email addresses, usernames, passwords, phone numbers, chat messages, and location data. Google, which has started notifying the potential developers, claims the leak is due to misconfigurations in their deployment process.

Web skimmers
A security researcher has uncovered around 1,236 domains that were infected with payment card skimmers. Some of the affected domains date back to 2018, many of which are located in the United States. Magecart Group 12 is believed to be behind most of the attacks.

Top Malware Reported in the Last 24 Hours

Google removes 813 apps
Last year, Google removed a batch of 813 stalkerware apps from its Play Store following a report from a group of academics. In the report, they highlighted that these apps possessed stalking, defrauding, or threatening features. These apps were downloaded for more than 50 million times before they were removed by Google.

Dark Crystal RAT
Researchers have detected a new C# variant of Dark Crystal RAT that uses new anti-analysis techniques. Some of the capabilities of this new variant include recording keystroke, hiding desktop icons, restarting and shutting down the machine, and transferring clipboard contents to the C2 server. 
Top Vulnerabilities Reported in the Last 24 Hours

Microsoft fixes 123 flaws
Microsoft has addressed 123 vulnerabilities as part of May 2020 Patch Tuesday security updates. Sixteen of these flaws are considered ‘Critical’ and about 95 vulnerabilities are rated ‘Important’. These vulnerabilities affect Microsoft’s SharePoint, Color Management Module, Office Excel, and Graphics component in Windows 7 and Server 2008.

Adobe patches 36 flaws
Adobe has released security updates for 36 vulnerabilities affecting its Acrobat, Reader, and DNG Software Development Kit (SDK). Of these, sixteen are classified as ‘Critical’ and can allow remote code execution or bypass of security features.

Top Scams Reported in the Last 24 Hours

YouTube phishing 
Researchers have come across a new phishing scam that targets YouTube creators. The scam is initiated by sending the data collected through a phishing form to a PHP file hosted at a third-party URL through two separate POST requests. The first POST request is sent after the victim submits their credentials on a phishing page. The second POST request redirects the victim from the phishing page to YouTube’s Creator Awards’ official page.

Scam store
A scam store, called ‘MyTechDomestic,’ topped Google search results for days. The store featured hard-to-find gadgets that were priced below the normal price. The site accepted payments only via direct bank transfers.


web skimmers
dark crystal rat
magecart group 12
stalkerware apps
youtube phishing
zero day flaws

Posted on: May 13, 2020

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.

Join Thousands of Other Cyware Followers!