The proliferation of the Cybercrime-as-a-Service (CaaS) model can have far-reaching ramifications. In the last 24 hours, security experts have disclosed two new malware toolkits that are being actively promoted on popular communication platforms and underground forums. One of them, tracked as Eternity Project, offers info-stealer, ransomware, worm, clipper, and coinminer modules. The other is an info-stealer malware builder that was used to create KurayStealer, which steals credentials from Discord and 18 other apps.
In other emerging threats, the lesser-known Red Menshen threat actors have been associated with a new, highly evasive backdoor malware that targets Linux and Solaris systems. Researchers highlight that the backdoor was deployed against organizations in the U.S., South Korea, Hong Kong, Turkey, India, Vietnam, and Myanmar.
Top Breaches Reported in the Last 24 Hours
OKCIC disclosed a data breach
The Oklahoma City Indian Clinic (OKCIC) has disclosed a data breach that exposed the personal details of nearly 40,000 individuals. The data compromised in the incident includes full names, birth dates, medical records, physician information, phone numbers, social security numbers, and driver’s license numbers of customers.
Top Malware Reported in the Last 24 Hours
New KurayStealer malware
A new password-stealing malware builder is being sold on Discord by a user who goes by the name ‘Portu’. Security experts have observed the first Portu-inspired malware sample, dubbed KurayStealer, in the wild, where it is being used to target Discord users. It also uses webhooks to steal passwords, tokens, and IP addresses from 18 other apps.
New BPFdoor backdoor
A new Linux malware, dubbed BPFdoor, has been identified targeting Linux and Solaris systems. The malware can bypass firewalls, which makes it well suited to corporate espionage and persistent, long-term access. It uses a Berkeley Packet Filter (BPF) sniffer to parse ICMP, UDP, and TCP packets. Researchers have detected BPFdoor activity on networks of organizations in the U.S., South Korea, Hong Kong, Turkey, India, Vietnam, and Myanmar.
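A BPF packet sniffer on Linux has to hold a raw AF_PACKET socket to see ICMP, UDP, and TCP traffic before the host firewall filters it, and that socket is visible to defenders. The script below is an added example, not code from the report or from any BPFdoor analysis: it parses /proc/net/packet for raw sockets bound to ETH_P_ALL and maps their inodes to the owning PIDs. The listing in SAMPLE is constructed; the column layout follows the Linux kernel's /proc/net/packet format, and reading other users' fd tables needs root.

```python
# Added example (not from the report): hunt for AF_PACKET raw sockets,
# the socket type a BPF sniffer such as BPFdoor needs in order to see
# ICMP/UDP/TCP traffic before the host firewall drops it.
import os
import re
from collections import namedtuple
from typing import Dict, List

SOCK_RAW = 3        # "Type" column value for SOCK_RAW
ETH_P_ALL = 0x0003  # "Proto" column value meaning every Ethernet frame

# Constructed sample in the format of /proc/net/packet (not a real capture).
SAMPLE = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff9a1c0d2a0000 3      3    0003   2     1 0      0      41713
ffff9a1c0d2a0800 2      2    0800   0     0 0      1000   41802
"""

PacketSock = namedtuple("PacketSock", "inode sock_type proto ifindex")


def parse_proc_net_packet(text: str) -> List[PacketSock]:
    """Parse /proc/net/packet; the first line is the column header."""
    socks = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 9:
            socks.append(PacketSock(int(f[8]), int(f[2]), int(f[3], 16), int(f[4])))
    return socks


def suspicious(socks: List[PacketSock]) -> List[PacketSock]:
    """Raw sockets bound to ETH_P_ALL are what a promiscuous sniffer opens."""
    return [s for s in socks if s.sock_type == SOCK_RAW and s.proto == ETH_P_ALL]


def inode_owners(proc_root: str = "/proc") -> Dict[int, List[int]]:
    """Map socket inode -> PIDs whose fd table links to socket:[inode]."""
    owners: Dict[int, List[int]] = {}
    if not os.path.isdir(proc_root):
        return owners
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:  # process exited, or fd table not readable without root
            continue
        for m in filter(None, (re.fullmatch(r"socket:\[(\d+)\]", t) for t in links)):
            owners.setdefault(int(m.group(1)), []).append(int(pid))
    return owners


if __name__ == "__main__":
    text = open("/proc/net/packet").read() if os.path.exists("/proc/net/packet") else SAMPLE
    owners = inode_owners()
    for s in suspicious(parse_proc_net_packet(text)):
        print(f"raw ETH_P_ALL socket inode={s.inode} ifindex={s.ifindex} pids={owners.get(s.inode, [])}")
```

A hit is a lead, not a verdict: legitimate capture tools (tcpdump, DHCP clients, some monitoring agents) open the same kind of socket, so the owning process and its binary path decide whether it belongs.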
Top Vulnerabilities Reported in the Last 24 Hours
Zyxel fixes critical flaws
Zyxel has fixed a critical firewall vulnerability that could have allowed threat actors to gain access to devices and corporate networks. Tracked as CVE-2022-30525, the command injection flaw affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP). The impacted firmware versions are ZLD5.00 to ZLD5.21 Patch 1.
New Threat in Spotlight
New Eternity Project service
A new cybercrime service, named Eternity Project, has emerged on Telegram and dark web marketplaces. The malware toolkit offers a variety of malware such as an info-stealer, a coinminer, a clipper, ransomware, a worm, and a DDoS-based bot. According to researchers, low-skilled threat actors can leverage the service to build their own malware.